• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

How popular is xenforo

Jake Bunce

XenForo moderator
Staff member
#7
Code-wise XenForo is very secure. It follows lots of best practices like parameterized queries, sanitized inputs, default escaping of outputs, CSRF tokens, bcrypted passwords, etc.

XenForo has a good security record with few exploits. In fact, exploits are often not part of XenForo itself but rather part of third party code which XenForo uses (eg SWFupload). And exploits are always patched very quickly.

I have a lot of experience dealing with hacked forums and I rarely see a case involving XenForo. Of the cases I have seen, the attack vector has always been something outside of XenForo like a hacked server or some other script on the site.
 

ManagerJosh

Well-known member
#8
I'll echo what @Jake Bunce wrote. I had an opportunity to talk to Kier and Mike when they were in Los Angeles briefly, and they shared with me what their decisions on how they did things, and their approaches.

Being in the front lines day in and day out for security, XenForo is probably one of the very few applications I am willing to run without a WAF.