There are many things you can do to keep your MyBB installation secure – the list below contains 5 basic ways to make sure your MyBB forum is as secure as possible. I’ve tried to keep it as simple and concise as possible. Leave a comment if you don’t understand and we’ll clarify.
- Keep your MyBB Software Up-To-Date – Always make sure you’re running the latest version of MyBB. Using the Version Check tool in your Administration Control Panel you can always check for the latest version of MyBB and the latest announcements.
- Sign up to the MyBB Mailing List – By signing up to the MyBB Mailing List you can receive notification of important MyBB updates and releases, allowing you to update your forum in a timely manner.
- Rename your “admin” directory – Renaming your admin directory to something else will greatly reduce the risk of someone being able to hack their way into your Administration Control Panel.
  - Using an FTP program, navigate to your forum directory.
  - Find the ‘admin’ directory and rename it to something less obvious. If you want to be really secure you can use an online program to generate a name for you. For example: http://www.pctools.com/guides/password/
  - Now that you’ve renamed your admin directory we need to update the configuration file so MyBB knows what it is called. Navigate to your ‘inc’ directory and open up config.php using a text editor such as WordPad.
  - In config.php find:
    $config['admin_dir'] = 'admin';
  - Replace with the new admin name (where admin-name is the name of the new admin directory you set):
    $config['admin_dir'] = 'admin-name';
  - Save the file on your server.
- Back Up Regularly – Backing up your forum regularly is the best defense you can have against hackers. Do it at least once per week! MyBB offers a backup solution in the Administration Control Panel under Backup Database. For more information and alternative ways see our wiki: http://wiki.mybboard.net/index.php/Database_Backup. (Note: MyBB 1.4 allows for automatically backing up your database.)
- Keep MySQL, PHP, and Apache Up-To-Date – Forum compromises aren’t always caused by exploits in MyBB. Often hosts are running months-old versions of MySQL, PHP, Apache, and even other programs and extensions riddled with security exploits. If you find your host is running an old version, urge them to upgrade as soon as possible. If you own your own server you can find updates at http://mysql.com, http://php.net and http://www.apache.org respectively.
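
The rename procedure from the third tip, scripted for a host with shell access. This is an added example, not code from MyBB or from the original post; the function name rename_admin_dir and the acp_ prefix are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not MyBB project code): rename the MyBB admin directory to a
# random name and update $config['admin_dir'] in inc/config.php to match.
set -euo pipefail

# Usage: rename_admin_dir <forum_root>   (prints the new directory name)
rename_admin_dir() {
    local root=$1 cfg="$1/inc/config.php" old new tmp
    # Group 1 = everything up to the opening quote, group 2 = current value.
    local key="^\([$]config\['admin_dir'\][[:space:]]*=[[:space:]]*\)'\([^']*\)';"

    [ -f "$cfg" ] || { echo "config.php not found under $root/inc" >&2; return 1; }

    # Read the current value so this also works on an already renamed directory.
    old=$(sed -n "s/$key.*/\2/p" "$cfg" | head -n 1)
    [ -n "$old" ] || { echo "admin_dir setting not found in $cfg" >&2; return 1; }
    [ -d "$root/$old" ] || { echo "directory $root/$old does not exist" >&2; return 1; }

    # 16 random bytes as hex: hard to guess, safe in a path and a PHP string.
    new="acp_$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')"

    # Build the edited config outside the web root: config.php holds the
    # database settings, so no stray copy should be left where it can be served.
    tmp=$(mktemp)
    sed "s/$key/\1'$new';/" "$cfg" > "$tmp"

    mv "$root/$old" "$root/$new"
    cat "$tmp" > "$cfg"      # overwrite in place, keeping owner and permissions
    rm -f "$tmp"

    # Check that the config now names a directory that exists.
    if ! grep -qF "'$new'" "$cfg" || [ ! -d "$root/$new" ]; then
        echo "verification failed" >&2
        return 1
    fi
    echo "$new"
}

# Run directly as: ./rename-admin.sh /path/to/forum
[ "$#" -eq 0 ] || rename_admin_dir "$1"
```

Record the printed name somewhere safe, since it becomes part of the Administration Control Panel URL.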
We’ll have another, more technical blog post on security for all of you IT pros (or in training, of course) later on.
FIRST!
Heh, nice tricks but I’m waiting for 1.4 screens :(
Thank you tikitiki. Can I translate the entry and write it to my blog?
Hi Arno,
Yes you may, as long as you give us credit for the original article and link back to this.
Ryan
Thanks Tikitiki .
Great tips! I use all of them
If your site has an SSH feature, an easy way to back up databases is:
mysqldump --databases
Then download the .sql files with an FTP client
Thanks for the informative article! I had certainly never thought about renaming the admin folder (although knowing me I’d probably have forgotten the name the next time I logged in) but the step-by-step info really does help :) With regards to database backup, since I use WordPress on the same database, I use a WP plugin to automatically back up the file to another folder on the server, and email the gzipped file to my email account once a day at the very least. However, the latter has stopped working recently due to the size of the .gz file.
Nothing I haven’t done yet, thanks anyway though. :)
I wouldn’t have thought of changing the admin area either.
Makes complete sense though. Will do that right away.
Certainly helps when they offer how to do it.
Keep up the great work.
thanks Tikitiki
we want to read more in this section :)
Changing the admin directory might cause problems when you upgrade to mybb 1.4
Great tutorial, a few simple steps which can help reduce hacking attempts :)
About that last comment, why would that cause a problem when you upgrade to 1.4? As long as the config.php contains the admin_dir setting I sure can’t see how this could cause any problem…
Plus, don’t you trust the dev team to be consistent :) ?
I know I do…
David,
Changing the admin directory won’t cause any problems as long as you follow the upgrade procedure.
Thank You Tikitiki .
Am currently considering changing to your BB and currently using WebWiz. The website has member security on a portion using ‘Spooky’. If we were to change to ‘MyBB’ would I be able to easily attach to the ‘Spooky’ user database to couple security issues?
nice :)
thanks Tikitiki !
I took all of these steps, and so far – haven’t gotten hacked :)
Thanks for sharing your knowledge. This is very useful.
Many thanks for this informative article. Thanks for sharing.
Thank You Tikitiki..
Thanks for writing this post. Now everything is clear for me.
Thanks for these secure tips…
Wow great tips!