
Re: bbPress 1.0 released


_ck_
Participant

@_ck_

Speaking of .htaccess I want to express how I simply cannot disagree more with the suggestion during bbPress 1.0 install to make it writeable by bbPress.

Opening .htaccess to writes by PHP is an INCREDIBLY bad idea security-wise.

Never, ever, make any part of your bbPress (or WordPress) install write-able or you are just begging to be hacked sooner or later. Always use FTP and replace it yourself.

If you are on a shared server, the vulnerability is magnified many more times.

Directories used for caching and uploading that simply must be writable should always be “above” the web-root so that an attacker cannot easily execute files they just uploaded or modified.

One day bbPress will have a template editor like WordPress and I will have to recommend deleting it and never chmod’ing the template directory as well.
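An added example, not part of the post above: a small audit that lists anything inside a web root that is group- or world-writable, flagging `.htaccess` files and directories separately. It assumes PHP runs as a user other than the file owner, so those mode bits approximate "writable by PHP"; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_webroot DIR
# Lists files and directories under DIR that are group- or world-writable.
# Assumption: PHP runs as a different user than the file owner, so these
# mode bits are what would let it modify the path.
# Returns 0 if nothing is writable, 1 if findings were printed, 2 on bad input.
audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print |
        while IFS= read -r path; do
            if [ -d "$path" ]; then
                # Writable directory inside the web root: uploads land where
                # the web server will execute them.
                echo "WRITABLE_DIR  $path"
            elif [ "$(basename "$path")" = ".htaccess" ]; then
                echo "WRITABLE_HTACCESS  $path"
            else
                echo "WRITABLE_FILE  $path"
            fi
        done
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (demonstration only): a forum directory with a
# writable .htaccess and a writable cache directory inside the web root.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/forum/my-templates" "$d/forum/cache"
    : > "$d/forum/.htaccess"
    : > "$d/forum/bb-config.php"
    chmod 755 "$d" "$d/forum" "$d/forum/my-templates"
    chmod 644 "$d/forum/bb-config.php"
    chmod 666 "$d/forum/.htaccess"
    chmod 777 "$d/forum/cache"
    echo "$d"
}

# Audit the directory given on the command line, if any.
[ "$#" -eq 0 ] || audit_webroot "$1"
```

The non-zero exit status on findings makes it usable from cron or a deployment check.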
