XF 1.5 What considerations do we need to look at when upgrading to the latest version?

[KevRog]

We're thinking of upgrading from version 1.5 to 2.0. Will the plugins be compatible? Will we be able to easily transfer content on to the latest framework? One of the reasons we want to upgrade is to have a more secure website. Will we be able to manage user passwords, making it more secure by prompting the use of 2FA? Is this a feature available on the latest version? We would also like to prompt members to setup a more secure password by using a combination of characters, and maybe prompt users to change their password after a certain period, is this possible?

 

[sbj]

None of the plugins (/addons) will be compatible for 2.0. It is a new framework. But some/many popular addons have also a XF2 version and most of them have an built-in importer to upgrade your old data. But you have to check each of your installed addons yourself, if they do have a XF2 version and if they can be upgraded using your old data. So don't uninstall your addons before upgrading to 2.0, as the old data would be needed for the new XF2 addon, if there are ones.

So other than your style and addons, everything else will be upgraded to the new software without any problems. If you encounter problems, ask for help here or search the errors. You should always make a test upgrade (on your local machine) before upgrading your live site. So you can be sure. Always make a backup first.

The latest XF 1.5.21 is as secure as it can be. So it won't be magically more secure when you are on XF2. But on the other hand, it is said that in the long run support for the XF1 versions will be dropped at some point. And also it is said that the upcoming XF2.1 version will require PHP 5.6 instead of 5.4. So maybe that makes it more secure.

About 2FA. As far as I know it is already available for XF 1.5. And nothing changed in XF2 about that.
https://xenforo.com/community/threads/two-step-verification-and-security-improvements.99881/

 

[KevRog]

Hello @sbj thanks for the quick and very informative response. Regarding 2FA, it seems it can only be applied to a Xenforo member's account only and not for the members of our forum based on how I understood the thread you sent. What we're looking for is to have the forum members be able to apply 2FA to their password security. Is this something readily available on Xenforo 1.5?

Thanks again!

 

[Martok]

Hello @sbj thanks for the quick and very informative response. Regarding 2FA, it seems it can only be applied to a Xenforo member's account only and not for the members of our forum based on how I understood the thread you sent. What we're looking for is to have the forum members be able to apply 2FA to their password security. Is this something readily available on Xenforo 1.5?

Thanks again!

2FA can be enabled on your own forum right now (as you are already running XenForo 1.5). The thread you were linked to explains how it works.

If you search the ACP for "two-step" you will see an option to enable this for logging into the ACP itself (and this is a must IMO). After that anyone with ACP access will need to use 2FA.

Should you wish to force some or all of your members to use 2FA, you can enable the "Require two-step verification" permission for the user group(s) that you require this for. If you don't force this, then users can choose whether or not they use 2FA by going to their Account as described in the thread you were linked to.

 

[sbj]

Regarding 2FA, it seems it can only be applied to a Xenforo member's account only and not for the members of our forum based on how I understood the thread you sent.

Not sure what you mean by this. Are you running a bridge on your website? So other than a XF forum, you have also another login procedure for maybe Wordpress or something?
Cause the thread I linked is the official announcement from XF, telling us that every XF Forum running the 1.5x version will have the 2FA feature.

What we're looking for is to have the forum members be able to apply 2FA to their password security. Is this something readily available on Xenforo 1.5?

Yes, it is. Just go to usergroups, select the usergroup you want (like the registered one as everyone should be in that usergroup) and set the 2FA permission to yes. Then this will make that everyone will be required to do 2FA when they want to login to your forum.


edit: too late, @Martok was quicker in explaining.

 

[KevRog]

Ah found it. I was looking at the wrong window. I was looking at my Xenforo account settings. Thanks for the guidance and patience @sbj and @Martok