Ah I see – you’d like to add a theme editor to bbPress?
The Theme editor is what I mentioned earlier as a huge existing potential security hole in WordPress. It seemed to be a major attack vector in the recent Bablooo spammer attack, which hit one of my sites; it allowed the virus to add spam links to existing posts. If they had wanted to, they could have easily overwritten the posts completely – or even deleted them.
I would highly encourage you to delete the theme editor file from any existing WordPress installs… at least until WordPress has diagnosed the vulnerability and if appropriate, issued a patch.
But if you feel safe behind your firewall… I suppose you could pay a developer to build a plugin which lets Adminstrators and above write to your file system using the bbPress admin. There’s definitely no existing bbPress plugin that I’m aware of! Maybe WordPress’s code could be ported…
Good luck!
Why this translation can’t be in the official package version of bbPress?
@johnhiler: Sorry for the confusion. I am not talking about a role permission with bbpress. I am actually talking about the Theme editor that wordpress has. That way theme modifications can be made without having to use ftp. It looks like though that I am not going to get that luxury.
It’s kind of hilarious they have blocked ftp yet template upload and edits via php can completely open your system to security vulnerabilites. We’re still trying to figure it out but I have a strong suspicion of the WordPress theme-editor.php causing a large number of WordPress sites to get compromised recently:
babloo/blyat spammer attack on many WordPress blogs
The day bbPress gets a built in theme-editor, delete the file immediately.
Also delete xmlrpc.php unless you absolutely need trackbacks/pings.
And never, ever, use a dictionary word within a WordPress password as there’s no limit on login attempts.
Perhaps because if you will install wordpress in https:// domain, secure_auth_salt will be created automatically.
Hi, just tried to install bbpress 1.0-RC3. Step 1-3 was no problem but after step 4 I got the following info:
“Your installation completed with some minor errors. See the error log below for more specific information.”
“Show installation messages”
Installation errors: “Forum could not be created!”
Is there anybody who knows how I can solve that problem? I’ve no idea why it could not be created…
Installation log:
Referrer is OK, beginning installation…
Step 1 – Creating database tables
>>> Database is already installed!!!
Step 2 – WordPress integration (optional)
>>> Integration not enabled (I made this before….thats not the problem I know where to find keys and how copy/paste works)
Step 3 – Site settings
Site name: page1
>>> Site address (URL): http://ssssss.com/
>>> From email address: dxd@dffff.com
>>> Key master created
>>>>>> Username: admin
>>>>>> Email address: dxd@dffff.com
>>>>>> Password:
>>> Description: Just another bbPress community
>>> Forum could not be created!
>>> Key master email sent
There were some errors encountered during installation!
I use latest wp mu version and latest buddypress version.
WordPress and bbPress permission levels work a little differently… bbPress doesn’t have an “editor”. In addition to the basic level of “Member”, we have Moderators, Administrators, and Keymasters.
What sort of things do you want your editor to be able to do?
@johnhiler: That makes a lot sense to me. I have three servers full of wordpress blogs and for the last three months I have been hammered with viruses and hacks. This is something I need to pass onto my server admin!
However, for the specific project I’ve mentioned above our forum will reside on the company intranet. We are behind a firewall and only those from our company can access the forum. So, I would still like to add an editor. Can anyone point me to documentation on how to do this?
By the way, I really appreciate the input from both Ipstenu and johnhiler. It helps as I stumble around figuring out bbpress!
Hi!
Having the same problem here: I can´t login to bbpress & wordpress at the same time. I´m using wp 2.8, bbpress 1.0 rc3 and the bbpress integration plugin 1.0-rc-3
I don’t think there’s a theme editor built into bbpress… but I would highly recommend against it.
There’s been a recent WordPress virus which has hit thousands of of sites, and used the theme-editor as an attack vector:
http://ckon.wordpress.com/2009/06/05/bablooo-spammer-attack-on-several-wp-blogs/
My WordPress install was hit, and I was able to confirm from my access logs that the attacker attempted to use theme-editor as an attack vector. I’m actually deleting the theme editor from my WordPress install, even though I haven’t enabled write permissions on the theme folders… just because the whole experience was so traumatic.
Will bbPress 1.0 integrate easily with WP2.8 when it releases? Currently I have WP 2.8 and bbPress .9.0.5 installed. I’m wondering if I should keep pulling my hair out trying to get these two to work together or if I should just wait for 1.0 to release.
Not every wordpress installation have secure_auth_salt – you can skip this part, as it’s related to https:// protocol – I mean, as long as you’re not using https:// for your websites 
.
Fresh WordPress 2.8 and bbPress 1.0RC3 installation.
I have assigned the ‘Authentication Unique Keys’ correctly in WP (auth_key, secure_auth_key, logged_in_key, nonce_key).
Now when I check options.php in WordPress I have the following:
* auth_salt
* logged_in_salt
* nonce_salt
Thats it! No secure_auth_salt!!
The cookie change took me by surprise too and is a bit of a pain in the neck generally.
I predicted this problem at the start of April (and they argued that I was wrong).
http://ckon.wordpress.com/2009/04/03/wordpress-28-might-break-login-compatibility-again/
WP developers simply do not give a darn anymore about backwards compatibility, they just want to do whatever they want to do. Personally I’m getting really tired of their attitude.
@burtadsit, I think this is what you need for compatibility with WordPress < 2.8:
define('WP_AUTH_COOKIE_VERSION', 1);
https://bbpress.org/forums/topic/bbpress-10-release-candidate-1#post-30330
Ah I had never seen the One Click Updater for WordPress… that’s a neat plugin!
https://wordpress.org/extend/plugins/one-click-plugin-updater/
I haven’t seen anything similar for bbPress. Has the plugin been audited for security holes? If it was compromised, that would be one scary situation!!
I’m guessing it could be ported over to bbPress pretty easily… plugins and themes work pretty similarly across the two *Press platforms.
Sorry, I wasn’t clear. I know that bbPress is not a plugin. This is abundantly clear. However, I am looking for a plugin similar to what you can find in a regular wordpress blog (One Click Updater) to add to bbPress that will give uploading capability inside the bbPress admin.
When you are supporting a large company of 1,000+ employees restricting access is very prudent. We have learned in the past the damage many hands can do to a site (particularly, if they are marketing hands, which are the one’s who want to change the bbPress theme).
Any insight on finding such a plugin would be very appreciative!
“If you are integrating with WordPress < 2.8 then you ned to make an additional setting in bbPress to get cookies to be compatible. “
Can anyone share what this mystery ‘additional setting’ is?
Okay, I have been on wordpress since 2006, but just started to dabble with bbpress. I am launching a forum for our company intranet. Due to security our IT department has locked down the ftp to the server. However, we want to install a bbpress plugin like “One Click Updater” (used for wordpress). I have found the plugin browser, but I haven’t found anything for uploading themes. Does anyone know of a plugin that I can use for this? Also, as I have poked around the admin I noticed that there isn’t a theme editor. Does that require a hack or another plugin? This would be very helpful. Please let me know as soon as possible. Thanks!
No issues! Jump ahead and make it happen. Its nothing that can’t be done 
Hi guys,
I was facing the same problem here, but I could solve it. Basically, I put this on wp-config.php:
define('COOKIEHASH', '65f9fb5b6e5df178e02402af4495ed46');
define('COOKIE_DOMAIN', '.www.rodrigoghedin.com.br');
define('SITECOOKIEPATH', '/teste/');
define('COOKIEPATH', '/teste/');
And this in bb-config.php:
$bb->cookiedomain = '.www.rodrigoghedin.com.br';
I’m running a test installation. Main WordPress is in a directory (/teste), and bbPress is a sub-directory (/teste/bbpress). Right now, it’s working fine.
[]’s!
@manguni
For integrating WP 2.7.1 with bbPress 0.9.04 or 0.9.0.5, you can use this tutorial of mine :
http://blog.ashfame.com/2009/05/integrate-bbpress-forum-with-your-wordpress-setup/
I have integrated several setups using this tutorial.
Let the bbPress 1.0 come out and I will write a tutorial for its integration with WordPress 2.8 too. At the moment WordPress 2.8 can’t be integrated by using the method I wrote.
I am also facing the problem related to login. I have installed both wordpress blog and bbpress forums. But on integrating them, i am facing a problem of login into my account while using firefox. Although it is working properly in other browsers. Please check http://bits-oasis.org/blog and http://bits-oasis.org/forum
i have instal & integration bbpress 0.9.04 & WP 2.7.1 and there have wrong way,
instalation mesage:
>>> WordPress cookie secret key not set.
>>>>>> Your “bb-config.php” file was not writable.
>>>>>> You will need to manually define the “BB_SECRET_KEY” in your “bb-config.php” file.
Key master email not sent!
i just copy four WP secret key to bb_config.php:
define(‘AUTH_KEY’, ‘^y?+[8|=-QR1cngc>:Kd:%8:ob/67|{#Trw1wV}{YDUngFP 2DL5ibGmfp8CiknU’);
define(‘SECURE_AUTH_KEY’, ‘3C%:+qR(Jkuan5oA#Eq2 vq;siUcsF- D^,fij:pV0<|ZD!gHZjlHO8k?(7`sh’);
define(‘LOGGED_IN_KEY’, ‘A;nBjuz%qGr$F<]{G_L8%tM?{PT5+_{a?lkBs%)4]t_)9;vZgy,s)m<W=/l+9M$*’);
define(‘NONCE_KEY’, ‘V-_=k,n).uzdcm65)f)2jAdST8s4EARpWMhOX26Q0e8x8[UB|LI|hcyptQtYbw’);
but login still different betwen WP and bbpress. what ur think?
