There are many things you can do to keep your MyBB Installation secure – the below list contains 5 basic ways to make sure your MyBB Forum is as secure as possible. I’ve tried to keep it as simple and concise as possible. Leave a comment if you don’t understand and we’ll clarify.
- Keep your MyBB Software Up-To-Date - Always make sure your running the latest version of MyBB. Using the Version Check tool from your Administration Control Panel you can always check for the latest version of MyBB and latest announcements.
- Sign up to the MyBB Mailing List – By signing up to the MyBB Mailing List you can receive notification of important MyBB updates and releases, allowing you to update your forum in a timely and fashionable manor.
- Rename your “admin” directory – Renaming your admin directory to something else will greatly reduce the risk of someone being able to hack their way into you Administration Control Panel.
- Using an FTP Program navigate to your forum directory.
- Find the ‘admin’ directory and rename it to something less obvious. If you want to be really secure you can use an online program to generate a name for you. For example: http://www.pctools.com/guides/password/
- Now that you’ve renamed your admin directory we need to update the configuration file so MyBB knows what it is called. Navigate to your ‘inc’ directory and open up config.php using a Text Editor such as WordPad.
- In config.php Find:
$config['admin_dir'] = 'admin';
- Replace with the new admin name (where admin-name is the name of the new admin directory you set):
$config['admin_dir'] = 'admin-name';
- In config.php Find:
- Save the file on your server.
- Backup Regulary – Backing up your forum regularly is the best defense you can have against hackers. At least once per week! MyBB Offers a Backup solution in the Administration Control Panel under Backup Database. For more information and alternative ways see our wiki: http://wiki.mybboard.net/index.php/Database_Backup. (Note: MyBB 1.4 allows for automatically backing up your database.)
- Keep MySQL, PHP, and Apache Up-To-Date - Hackings of your forum aren’t always caused by exploits in MyBB. Often hosts are running months old versions of MySQL, PHP, Apache, and even other programs and extensions riddled with security exploits. If you find your host is running an old version urge them to upgrade as soon as possible. If you own your own server you can respectively find updates at http://mysql.com, http://php.net and http://www.apache.org.
We’ll have another, more technical blog post on security for all of you IT pros (or in training, of course) later on.