security
I am new to WordPress/BBPress and am coming from PHPBB.
I am creating a bulletin board using the BBPress plug-in for WordPress. I’m not planning on really using WordPress (yet) for my website. It’s just a few static pages, a css file, and, soon, a forum.
My board will be for just fifty people and I would like to create all the accounts myself so that I don’t have to worry about spam posts from bogus accounts.
- In PHPBB, there is a control panel option to disable the ability to create new accounts. I don’t see that option in WP/BBPress. How would I do that?
- I think I read on this forum that I can make my board invisible to non-members, but that is not a control panel option. What’s the preferred way for a newbie to do that?
Also, I read an article on WP security, Top 5 WP Vulnerabilities and How To Fix Them.
http://www.esecurityplanet.com/open-source-security/top-5-wordpress-vulnerabilities-and-how-to-fix-them.html
- Vulnerability # 1: SQL Injection & URL Hacking
- Vulnerability # 2: Access to Sensitive Files
- Vulnerability # 3: Default Admin User Account
- Vulnerability # 4: Default Prefix for Database Tables
- Vulnerability # 5: Brute-Force Login Attempts
3, 4, and 5 seem pretty obvious to me. However, for help with mitigating the threat of Brute-Force Login Attempts, the author refers to two plug-ins: Limit Login Attempts and Better WP Security. Are these the preferred plug-ins? Although, I really must ask you guys why these two plug-ins aren’t written into the core software in the first place? In fact, shouldn’t the control panel also allow me to limit the creation of new accounts, as well?
I know BBPress, as a plug-in, is new, but WordPress has been around for ten years. Are the features that I list above planned for future releases, or is security not really an issue for the WP community, but rather up to each user?
Before I forget, how do I implement the solutions to the first two vulnerabilities? Do I just copy the code that the author lists into my .htaccess file?
I don’t want to sound critical of WP/BBPress, or be the guy who is constantly comparing it to PHPBB. I just want to know the mentality behind it and, really, what I am getting myself into. I had a pretty secure PHPBB board that was easy to set up and manage, but it was boring and looked like every other PHPBB board out there. I was told that WP/BBPress is customizable (some guy on your board showcases a beautiful board about Stratoliner motorcycles) and more secure than PHPBB. I hope to explore these features without becoming a full-time board developer or a PHP guru.
Thanks. I really appreciate this forum. I have been reading all sorts of posts. So if these questions have been answered, please don’t flame me; it’s not for lack of searching.