1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How popular is xenforo

Discussion in 'Off Topic' started by slackaz, Apr 24, 2016.

  1. slackaz

    slackaz New Member

    Are there a lot of security concerns with the product?
     
  2. wang

    wang Well-Known Member

    Not that I am aware of. Xenforo is known to be a stable and secure software.
     
  3. ozzy47

    ozzy47 Well-Known Member

    None, no recent security issues at all.
     
  4. slackaz

    slackaz New Member

    Also, what is the max member count one can have?
     
  5. ozzy47

    ozzy47 Well-Known Member

    You can have a infinite amount of members.
     
  6. PaulK

    PaulK Member

    Not if you don't give a lot of people access to your ACP, specially those people who use the same password on many other sites.
     
  7. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Code-wise XenForo is very secure. It follows lots of best practices like parameterized queries, sanitized inputs, default escaping of outputs, CSRF tokens, bcrypted passwords, etc.

    XenForo has a good security record with few exploits. In fact, exploits are often not part of XenForo itself but rather part of third party code which XenForo uses (eg SWFupload). And exploits are always patched very quickly.

    I have a lot of experience dealing with hacked forums and I rarely see a case involving XenForo. Of the cases I have seen, the attack vector has always been something outside of XenForo like a hacked server or some other script on the site.
     
    Itworx4me likes this.
  8. ManagerJosh

    ManagerJosh Well-Known Member

    I'll echo what @Jake Bunce wrote. I had an opportunity to talk to Kier and Mike when they were in Los Angeles briefly, and they shared with me what their decisions on how they did things, and their approaches.

    Being in the front lines day in and day out for security, XenForo is probably one of the very few applications I am willing to run without a WAF.
     
    Jake Bunce likes this.

Share This Page