I have a wordpress site that was just hacked, so I'm taking steps to improve security. So I was wondering -- anyone have any tips for protecting Xenforo sites, too?
.htaccess password protect the Admin CP with a seperate password.
XenForo itself has no known exploits (as far as i'm aware). If a breach would happen it would be due to having it connected to a vunerable system or a vunerable addon.
I have a wordpress site that was just hacked, so I'm taking steps to improve security. So I was wondering -- anyone have any tips for protecting Xenforo sites, too?
Currently i am using naxsi with nginx + php-fpm, it's the 'mod security' for nginx, the idea of it is acting as a protection front end before fetching into your backend, so in theory even though your web app is vulnerable, in most cases naxsi will block the attempt.
I have a wordpress site that was just hacked, so I'm taking steps to improve security. So I was wondering -- anyone have any tips for protecting Xenforo sites, too?
Currently i am using naxsi with nginx + php-fpm, it's the 'mod security' for nginx, the idea of it is acting as a protection front end before fetching into your backend, so in theory even though your web app is vulnerable, in most cases naxsi will block the attempt.
I did not released them to public as I'm still testing everything internally. If you want, I would appreciate if you can contact me and discuss further about the naxsi rules. So far, I'm using the basic stuff. I'm in the process or writing the missing CentOS 5 packages needed for the sweet naxsi UI.
If is easier for you, please start a thread into Server related forum and we can continue this discussion there.
Reply into conversation with the thread link, thank you.