Re: bbPress 1.0 released
.htaccess I want to express how I simply cannot disagree more with the suggestion during bbPress 1.0 install to make it writeable by bbPress.
.htaccess to writes by PHP is an INCREDIBLY bad idea security-wise.
Never, ever, make any part of your bbPress (or WordPress) install write-able or you are just begging to be hacked sooner or later. Always use FTP and replace it yourself.
If you are on a shared server, the vulnerability is magnified many more times.
Directories used for caching and uploading that simply must be writable should always be “above” the web-root so that an attacker cannot easily execute files they just uploaded or modified.
One day bbPress will have a template editor like WordPress and I will have to recommend deleting it and never chmod’ing the template directory as well.