How secure is your forum

[flowerpot132]

We have been asked how "secure" our forum. I was thinking along the lines of:

> Our forum platform as no none bugs and is one of the most stable platforms available. Our hosting uses reputable UK based servers and is trusted by many large organisations.

Sound ok?

 

[whynot]

Sound ok?

Yes.

 

[Mr Lucky]

as no none bugs

????

 

[Mr Lucky]

If you want extra security (and user peace of mind) then an SSL certificate is the way to go.

 

[StarArmy]

Maybe you could say stuff about:

• Who has access to your forum admin stuff and how trustworthy they are
• How trusted your web host is
• TLS if used
  • Certificates
  • Image and link proxies to prevent breaking HTTPS
• Security policies for staff e.g. Requiring two-factor authentication
• Privacy policy
• If you use ads or any third party embeds, are those ad networks trustworthy?
• Backup procedures
• How you deal with government requests / law enforcement
• Any type of anti-hacker/code change monitoring services you use
• Emergency plans in case of data breach, etc.
• History of your site, and how you dealt with security issues in the past
• Known threats your forum is currently facing and how they're mitigated
• How you verify the software you use on your site is from an authentic, trusted source and is how it is kept updated
• How your server is kept patched

 

[Anthony Parsons]

If you aren't using SSL, then you may as well be honest: Our forum is unsecure, can be easily compromised, and any personal login details you enter may be stolen and used with ease.

That is fairly honest nowadays, for non-SSL forms. And forums are all about form inputs.

 

[Mouth]

We have been asked how "secure" our forum. I was thinking along the lines of:

> Our forum platform as no none bugs and is one of the most stable platforms available. Our hosting uses reputable UK based servers and is trusted by many large organisations.

Sound ok?

I think it would depend upon who's asking, the reason, and the baseline being used.