Also, for people’s interest — here’s Matt talking about BackPress at WordCamp 07; http://www.viddler.com/explore/cdevroe/videos/228/241.45/BackPress/
That sounds great. You know that the same framework, the same look and the same feel do drive us crazy. Forums should not be restricted but varied.
bbPress is extremely hackable for iframe attacks and code injection. My BB was hacked 3 times, and I always used the latest version.
Looking for another now….
That’s a fairly serious accusation and warrants an investigation if true. Can you be more specific please?
bbPress does a lot of filtering of user input to avoid these things. What part of bbPress was exploited? A topic, a profile?
Code injection in bbPress installs is usually a symptom of insecure shared hosting, not bbPress itself.
Why switch to bbPress? WordPress is highly configurable and there are a lot of plugins. And if you want you can change the source code on your own server…
bbPress is not a competitor to WordPress, it is a complementary product.
Could you explain what you were using? My personal experience with bbPress is really great and hackers tried to hack some websites I have, but didn't manage to get into it. So I really wonder.
This topic is old – bbPress has not been hacked – there was an exploit for all of a day or two back in 0.8 that was quickly fixed.
What’s happening is that OTHER programs on the same account or server are being hacked and what they do is attach themselves to the bbPress templates through those other programs.
In over 4000 sites, I’ve only detected 8 XSS hacks so it’s obviously coming in through other programs and not directly (or the problem would be far more widespread).
(And by the way, if you keep getting hacked, that means your server has been compromised and needs to be wiped and re-configured. Just re-installing the PHP programs won’t fix the issue if there is a hidden backdoor elsewhere.)
Been a few months. Where does one keep up with the developments (other than the trac/code stuff which I don't understand)?
So is it safe to use or should one just know a lot about it?
It is safe to use the stable version of 0.9.0.2