XF 1.4 security questions

[Betclever]

Hi all,

I have a domain on Planethoster and some basic protections but my questions are the following:

Crawlprotect needed?
What can I secure to avoid issues?

I have deleted the folder "install" and have a basic protection on my host which is integrated with the offer...

Thanks for your support,

 

[SneakyDave]

Never heard of Crawlprotect, but XenForo is pretty secure out of the box.

The most common precaution is to protect the data and internal_data directories from being accessed externally. That can be done with .htaccess or nginx rules. I think the .htaccess file included with XenForo already does this.

 

[Betclever]

Thanks for your reply but can you tell me how to do that?

Thanks,

 

[Paul B]

You don't specifically need to do anything.

I wouldn't recommend removing the \install directory - it is required for certain operations.

 

[Betclever]

Ah ok, not necessary to protect some files like admin.php or htaccess?

If yes, I actually have a numerical value of 644 so I don't know if I need to change this or not?

I already removed the folder "install"

Thanks,

 

[SneakyDave]

You shouldn't need to 'protect' htaccess if apache is configured correctly.

You can protect admin.php with an htaccess rule, but I don't think many people actually do that.

https://xenforo.com/community/resou...and-the-install-directory-using-htaccess.353/

You should reupload your install directory.