XF 1.4 Security Alerts

PeteyG

New member
Hi All

I have installed XenForo and it's running well, though after setting everything up we ran a vulnerability scanner on our site (unfortunately we have been seriously hacked in the past and left a tad paranoid). A couple of high warnings were issued:

High Alerts:
GET /community/index.php
-Cleartext Password over HTTP
-solution: Passwords should never be sent over cleartext. The form should submit to an HTTPS target.

GET /community/
-Session Cookie Without Secure Flag
Solution: When creating the cookie in the code, set the secure flag to true.

Medium Alerts:
None

Our PHP is tight, our Linux server stripped down to the bare essential bones; it would be great to know we are safe with XenForo... Does anyone else ever have problems of security? Indeed, any pointers on how to remedy these alerts are appreciated.

Many thanks
Pete
 
These errors are mostly expected if your site URL begins with http:// rather than https://

To run your site over https you will need to obtain an SSL certificate, and configure the web server to redirect non-SSL requests to SSL.
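As an added example (not part of the original posts and not XenForo's own code), the two high alerts above can be re-checked after moving to https with a small Python script that inspects a response's login form and `Set-Cookie` headers. The host `forum.example`, the form markup and the cookie values are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class PasswordForms(HTMLParser):
    """Collect the action of each <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.actions = []     # one entry per form with a password field
        self._action = None   # action of the open, not-yet-reported form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action = a.get("action") or ""
        elif (tag == "input" and self._action is not None
              and (a.get("type") or "").lower() == "password"):
            self.actions.append(self._action)
            self._action = None   # report each form once

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def cleartext_password_targets(page_url, html):
    """Absolute form targets that would carry a password without TLS."""
    parser = PasswordForms()
    parser.feed(html)
    # An empty or relative action inherits the scheme of the page itself.
    targets = [urljoin(page_url, action) for action in parser.actions]
    return [t for t in targets if urlsplit(t).scheme != "https"]

def cookies_missing_secure(set_cookie_headers):
    """Names of cookies whose Set-Cookie value lacks the Secure attribute."""
    missing = []
    for header in set_cookie_headers:
        first, *attrs = [part.strip() for part in header.split(";")]
        if "secure" not in {x.split("=", 1)[0].lower() for x in attrs}:
            missing.append(first.split("=", 1)[0])
    return missing

# Constructed sample data, not captured from a real site.
LOGIN_HTML = ('<form action="login/login" method="post">'
              '<input type="text" name="login">'
              '<input type="password" name="password"></form>')
HTTP_PAGE = "http://forum.example/community/index.php"
HTTPS_PAGE = "https://forum.example/community/index.php"

if __name__ == "__main__":
    print(cleartext_password_targets(HTTP_PAGE, LOGIN_HTML))
    print(cookies_missing_secure(["xf_session=abc123; path=/; HttpOnly"]))
```

A relative form action passes only when the page itself was fetched over https, which is why the same markup is flagged on the `http://` URL and clean on the `https://` one.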