How popular is xenforo
- Thread starter slackaz
- Start date
Member_68162
Active member
Not if you don't give a lot of people access to your ACP, specially those people who use the same password on many other sites.
Jake Bunce
Well-known member
Code-wise XenForo is very secure. It follows lots of best practices like parameterized queries, sanitized inputs, default escaping of outputs, CSRF tokens, bcrypted passwords, etc.
XenForo has a good security record with few exploits. In fact, exploits are often not part of XenForo itself but rather part of third party code which XenForo uses (eg SWFupload). And exploits are always patched very quickly.
I have a lot of experience dealing with hacked forums and I rarely see a case involving XenForo. Of the cases I have seen, the attack vector has always been something outside of XenForo like a hacked server or some other script on the site.
XenForo has a good security record with few exploits. In fact, exploits are often not part of XenForo itself but rather part of third party code which XenForo uses (eg SWFupload). And exploits are always patched very quickly.
I have a lot of experience dealing with hacked forums and I rarely see a case involving XenForo. Of the cases I have seen, the attack vector has always been something outside of XenForo like a hacked server or some other script on the site.
ManagerJosh
Well-known member
I'll echo what @Jake Bunce wrote. I had an opportunity to talk to Kier and Mike when they were in Los Angeles briefly, and they shared with me what their decisions on how they did things, and their approaches.
Being in the front lines day in and day out for security, XenForo is probably one of the very few applications I am willing to run without a WAF.
Being in the front lines day in and day out for security, XenForo is probably one of the very few applications I am willing to run without a WAF.
Similar threads
- Solved
- Question
