Perfect! Thanks so much, @robin-w for sharing your thoughts. The “Mature” plugin sentiment echos my thinking exactly, but I wasn’t 100% certain so I figured no harm done with asking. Thinking of the “mega work” to move from bbPress at our own site was behind my post! So appreciate your reply. It is good too having this thread available for anyone else with WordFence researching the same message. Thank you too for the warning about the theme choice(s). Good to know! I think I’ve already run across this issue.
I am just a moderator here, and not a bbpress author.
The authors tend to release updates every few years, rather than more frequently.
My personal view is that you should consider bbpress to be a ‘mature’ product, ie any releases will be to fix issues rather than add functionality.
bbpress is written really well, and has loads of hooks. There are no show stopper bugs in it, it may throw a few deprecation notices (and these are very few at the moment), but WordPress recommends that you should not show error messages in live sites.
I currently have my test site running WordPress 6.4.x and php 8.2 with no issues.
The only major issue with bbpress at the moment is that it does not work well with FSE themes.
However my bbp style pack plugin has fixes for this
bbp style pack
as well as block versions of the widgets and a ton of styling and functionality add-ons.
All plugins are subject to the authors commitment, and bbpress is no different.
The main WordPress support forums use bbpress, and it would be mega work to move those over to some other product.
The Wordfence warning is one that is automatically pumped out when a plugin reaches certain parameters. I love Wordfence and use it on all my sites, but these ‘catch all’ warnings can alarm people when they do not need to.
But with open software you make your choices….
Thank you @robin-w for your kind answer. I appreciate your time to look into this question and your diligence in answering people’s questions. It seemed this topic went in a different direction than I was expecting/asking, but perhaps I’m misunderstanding everyone’s answers? According to the security plugin WordFence documentation on their knowledge base it says the issue with bbPress is:
Plugin appears to be abandoned
This scan result means that a plugin has not been updated in 2 years or more. This can be a problem because it means that the plugin author has not made any changes for a long period of time. Sometimes that means it will not be fully compatible with newer WordPress versions, reported bugs may not be fixed, and new security issues might not be addressed.
The scan result also shows if this plugin has a known security issue that has not been fixed. If that is the case, it is recommended that you remove the plugin as soon as possible, and replace it with a different plugin if you need the same functionality.
There are two types of alerts for abandoned plugins, “Medium” and “Critical”. An abandoned plugin will generate a Medium alert. If the plugin also has unpatched security vulnerabilities, the scan result will be Critical. Plugins that are abandoned should be evaluated in terms of what risk they may pose. Unless you know that the code in the plugin is safe, you should start looking for a replacement. Plugins with unpatched vulnerabilities should always be removed.
When I read this guideline from WordFence and look at the bbPress website, as well as reading what WordPress says about it and what information about bbPRess displays inside my dashboard of the install, I’m not certain which instruction to follow. Should I consider it abandoned? Well, someone came here and answered my question named moderator and other people also visited this thread and commented who seemed to assume my question was a PHP compatibility question (i don’t know, is my question a PHP compatibility issue i’ve yet to discover?) so if people are actively reading a support thread that’s not “abandoned” in the sense people are here interacting still. But abandoned where coders who are behind the coding of bbPress watching developments and using the best security practices and applying them? I’m not certain and am not sure how to decide that info without posting again to ask. As a non-coding person I have no way of knowing without asking.
Is bbPress still in development, being monitored and updated by careful coders who look over it, or is the core code maintenance abandoned with some core enthusiasts who are still using it here interacting but not coders who know what’s what in the code? Unfortunately, I don’t read code. I am not a coder. So i have no way of knowing.
Hello everyone,
Since the update to version 12.0, there have been numerous changes. One of them is the desynchronization between the “favorite” and “subscribe” features in BuddyPress and BBPress. Is there a solution to address this issue?
Thankyou
WP 6.4.2, bbPress 2.6.9, site private
In one forum we have many subforums (children), >50, but only the first 50 show in indexes on the main Forums page and on the parent forum page. Can anything be done about this?
Admittedly I am not a developer and don’t know much about PHP, but I am using a PHP compatibility plugin before upgrading my site and this is what it shows for bbPress:
In share your frustration, but bbpress 2.6.9 works with PHP 8.2.x
If some of your other plugins are not compatible with 8.2 then you probably need to be pushing for those to be compatible, rather than bbpress needing to be compatible with no longer supported and possibly insecure older php versions.
What plugins are causing issues ?
It doesn’t seem to be compatible with later versions of PHP, but some of my other plugins are not compatible with my site’s current PHP version. Will this ever be updated?
I found another forum topic from 2017 (!!) that bbPress wasn’t compatible with PHP 7.1 and it said there that the next version will fix that. It doesn’t seem to have fixed it…
PHP Version
What now?
Word Fence security plugin told me today:
“Issue Found:
The Plugin “bbPress” appears to be abandoned (updated November 29, 2021, tested to WP 6.3.2).
Type: Vulnerability Scan”
Is this true?
I cannot remember what manage subscriptions did, but in style pack subscriptions management tab replaces what bbpress toolkit did with subscriptions
the unread posts tab I believe directly replaces the unread posts plugin
Thank you for your response.
bbp manage subscriptions has been withdrawn
bbpress toolkit should not be used as it was closed due to a security issue
bbpress unread posts is also no longer maintained
What will happen to our site if I delete them? I took a look at ‘bbp style pack’ but was not clear if it will keep our site functioning after deleting these 3 plugins above.
Thank you so much for your time.
Thanks
I’m not sure that these would be causing false registrations, as bbpress just uses the wordpress registration system.
bbp manage subscriptions has been withdrawn
bbpress toolkit should not be used as it was closed due to a security issue
bbpress unread posts is also no longer maintained
the key features of all 3 are now in
bbp style pack
Hi, I need help. We, a non-profit organization with no sponsors, have no developers. I am the only one trying to maintain the site. I am not too sure if I fully understand how bbP works. I installed them by someone’s recommendation on the net or the PacIt book. It’s been a long time. I don’t remember the details. The forum is still active, and we have about 4.5k subscribers.
I have noticed a couple of bbP legacy plug-ins that seem to be inviting attackers, and I don’t know what to do. They are as follows:
– bbP Manage Subscriptions
– bbPress Toolkit
Other bbP plugins installed are:
– AsynCRONous bbPress Subscriptions
– bbPress
– bbPress Unread Posts v2
– GD bbPress Tools
Any pointers would be appreciated
ok, that is neither a bbpress or bbp-style-pack plugin.
what other bbpress related plugins do you have?
Get this too, mostly on expired pages.
When first using BBPress, not long ago – roughly the time of the OP, no issue.
the nonce error started cropping up sometime after the installation of BuddyPress and BBPress, when it happened, you could back out and retrieve the cached text of the post. Regarding the error there is also this solution, would you recommend that?
since then, providers have changed, no change to the error, the cache has also disappeared, so the post cannot be retrieved.
Tried ChromeCacheiew to extract anything from the cache, no dice, is there anything one can do, if not addressing the nonce error, retrieve the last/lost cache?
Thanks
WP 6.4.2, bbPress 2.6.9, site https://perfectlyokay.org/ (members only)
For admin reasons we need to create a bunch of new topics in a particular forum that we’d like NOT to show up on page 1 of bbp-topic-index as they’ll push other topics that people might actually be interested in off the main Forums page. Is there any way of doing this?
I know that quite a few bbpress sites use PM Pro, and I have not seen this as an issue and it doesn’t come up in a search.
I don’t have PM pro, so can’t directly help further.
Given that you have paid for a product which claims to be a bbpress integration product, I would expect support or a refund if it does not work.
Hi Robin.
Thanks for the quick reply.
We have that PMP add-on installed.
I’ve already reached out to PMP support and they’ve said the same thing – to reach out to bbPress support…
I’d suggest you raise this with PM Pro since you paid for the product.
You might (or might not) need this
https://www.paidmembershipspro.com/add-ons/pmpro-bbpress/
We’ve run into the following issue on our site.
Whenever a new Free Member registers, they should get a custom role called Free Membership Plan. However, bbPress overrides this somehow and the role they receive is Participant. This happens even if we choose not to have all new members added to the Participant role.
On our site, we use Paid Memberships Pro which manages user levels (who gets access to what content), so in addition to WordPress’ site roles, we have user levels and bbPress’ forum roles.
We have deactivated bbPress and the issue went away. However, we would love to keep using bbPress as our Forum software.
Would anyone be willing to help us out here?
Thanks,
Steve
bbpress just uses WordPress login, so it is that area that needs researching.
WordPress uses login cookies, so if your browser does not have cookies enabled then it would not remember you.
Given that it works on some of your browsers but not others, then it would tend to indicate a browser issue rather than website.
you could also look at
https://stackoverflow.com/questions/52879240/remember-me-functionality-doesnt-work-properly-in-wordpress
Thanks Mike… We have a Facebook Group that has over 260,000 members and we are hoping to convince as many as possible to instead come over to our blog. I have a team of seven moderators and a community director to keep everyone playing nice. If we can only get a small percentage of our FB members to come over, we will still have thousands on our bbPress forum so I’m hoping it will handle the load of whatever we get
Hello BBpressers 🙂
Left, center and right align show correctly on my moderator account, but like “<p style=”text-align: left;”>vasen</p>” for the forum “participants”.
Same for adding <h1>HEADER</h1> in the text editor, which the Graphic shows correctly, but when a participant sends the message you just see what you have written.
Example https://pokerifoorumi.org/aihe/testi-ketju/#post-1918 and the next post.
How could I approve a bit of basic html, or at the very least get the graphic side to work properly for the participants?
WP 6.4.2, Hello Theme, BBpress 2.6.9, TinyMCE Visual Tab 1.0.1
@mike80222 writes a really good response.
bbpress is used on the support site of WordPress itself – ie it is what almost all the themes and plugins have as their support tool, eg
https://wordpress.org/support/plugin/gutenberg/
and
https://wordpress.org/support/forum/how-to-and-troubleshooting/
that last one has 23,000 pages of 30 topics so to say wp is not good for forums and that it would clog your server is maybe not accurate.
bbpress is used on 200,000 wordpress sites, including this one.
All plugins and themes have the potential be be unsecure. Indeed as I write this, the Elementor plugin which is installed on almost 9 million sites has a vulnerability which has just been fixed.
If you really want to secure your site then as Mike says, install the Wordfence plugin, it is really worth it. The free version will gets you lots, but if your site is more commercial and not a say a poetry writing forum, then paying $119 for the professional version is well worth it. You get same day protection from issues found by an army of bug hunters.
Hi @rvpodcast,
I’m not a WordPress, bbPress, or security expert — but I’ve been using bbPress for forums on a couple of different sites for almost 5 years now. I’m not aware of any current or recent security issues with bbPress itself. WordPress has had a number of them. I suggest looking at one of the several available “vulnerability” databases WRT this kind of thing. I mostly use Wordfence (and I also use their security plugin on all my WordPress sites).
For what it’s worth, my most active site has about 500 users. So I don’t have any experience with a really high-volume site.
It is definitely important to take some time making this decision, because once you choose your forum software, it’s not going to be easy to switch!
Hope that helps.
Mike
