Protecting your XenForo site?

Discussion in 'General XenForo Discussion and Feedback' started by sophie1204, May 29, 2012.

  1. sophie1204

    sophie1204 Active Member

    I have a WordPress site that was just hacked, so I'm taking steps to improve security. So I was wondering -- anyone have any tips for protecting XenForo sites, too?
  2. Slavik

    Slavik XenForo Moderator Staff Member

    Make sure your admin password is strong.

    .htaccess password protect the Admin CP with a separate password.

    XenForo itself has no known exploits (as far as I'm aware). If a breach were to happen, it would be due to having it connected to a vulnerable system or a vulnerable addon.
  3. HWS

    HWS Well-Known Member

    You may just use the search at this site...
  4. Chris D

    Chris D XenForo Developer Staff Member

    What was the nature of the hack? Was it a known software exploit, or a weakness in security?
  5. Vohn

    Vohn Member

    Currently I am using naxsi with nginx + php-fpm. It's the 'mod security' for nginx; the idea of it is acting as a protection front end before fetching into your backend, so in theory even though your web app is vulnerable, in most cases naxsi will block the attempt.
  6. Adam Howard

    Adam Howard Well-Known Member

    This will be a good starting point

    I'd always suggest using the most current server software possible.

    May also want to avoid CentOS ;)
  7. Floren

    Floren Well-Known Member

    Glad to see you use that, so far only Axivo has naxsi packages for CentOS/Redhat. :)
    I did not release them to the public as I'm still testing everything internally. If you want, I would appreciate it if you could contact me and discuss the naxsi rules further. So far, I'm using the basic stuff. I'm in the process of writing the missing CentOS 5 packages needed for the sweet naxsi UI. :)

    If it is easier for you, please start a thread in the Server related forum and we can continue this discussion there.
    Reply in the conversation with the thread link, thank you.

