MyBB Development Blog

Welcome to the MyBB Development Blog. Here you'll find updates relating to the development of future versions of MyBB as well as technical discussions, tips, tricks and modifications to help you get the most out of MyBB.

Securing your MyBB Installation

By Tikitiki | Published February 6th, 2008 | Security | Rating: 1 Star2 Stars3 Stars4 Stars5 Stars Loading ... Loading ...

There are many things you can do to keep your MyBB Installation secure - the below list contains 5 basic ways to make sure your MyBB Forum is as secure as possible. I’ve tried to keep it as simple and concise as possible. Leave a comment if you don’t understand and we’ll clarify.

  1. Keep your MyBB Software Up-To-Date - Always make sure your running the latest version of MyBB. Using the Version Check tool from your Administration Control Panel you can always check for the latest version of MyBB and latest announcements.
  2. Sign up to the MyBB Mailing List - By signing up to the MyBB Mailing List you can receive notification of important MyBB updates and releases, allowing you to update your forum in a timely and fashionable manor.
  3. Rename your “admin” directory - Renaming your admin directory to something else will greatly reduce the risk of someone being able to hack their way into you Administration Control Panel.
    1. Using an FTP Program navigate to your forum directory.
    2. Find the ‘admin’ directory and rename it to something less obvious. If you want to be really secure you can use an online program to generate a name for you. For example: http://www.pctools.com/guides/password/
    3. Now that you’ve renamed your admin directory we need to update the configuration file so MyBB knows what it is called. Navigate to your ‘inc’ directory and open up config.php using a Text Editor such as WordPad.
      1. In config.php Find:

        $config['admin_dir'] = 'admin';

      2. Replace with the new admin name (where admin-name is the name of the new admin directory you set):

        3. $config['admin_dir'] = 'admin-name‘;

    4. Save the file on your server.
  4. Backup Regulary - Backing up your forum regularly is the best defense you can have against hackers. At least once per week! MyBB Offers a Backup solution in the Administration Control Panel under Backup Database. For more information and alternative ways see our wiki: http://wiki.mybboard.net/index.php/Database_Backup. (Note: MyBB 1.4 allows for automatically backing up your database.)
  5. Keep MySQL, PHP, and Apache Up-To-Date - Hackings of your forum aren’t always caused by exploits in MyBB. Often hosts are running months old versions of MySQL, PHP, Apache, and even other programs and extensions riddled with security exploits. If you find your host is running an old version urge them to upgrade as soon as possible. If you own your own server you can respectively find updates at http://mysql.com, http://php.net and http://www.apache.org.

We’ll have another, more technical blog post on security for all of you IT pros (or in training, of course) later on.

Comments

  1. 1.

    KacperOo (February 6th, 2008, 4:33 pm)

    FIRST!
    Heh, nice tricks but I’m waiting for 1.4 screens :(

  2. 2.

    Arno (February 7th, 2008, 3:24 am)

    Thank you tikitiki. Can I translate the entry and write it to my blog?

  3. 3.

    Staff Response: Tikitiki (February 7th, 2008, 9:46 am)

    Hi Arno,

    Yes you may, as long as you give us credit for the original article and link back to this.

    Ryan

  4. 4.

    roy (February 7th, 2008, 10:00 am)

    Thanks Tikitiki .

  5. 5.

    Aglioeolio (February 7th, 2008, 9:51 pm)

    Great tips! I use all of them

    If your site have SSH feature an easy way to backup databases is:

    mysqldump –databases

    Then download the .sql files with a FTP Client

  6. 6.

    Flick (February 8th, 2008, 8:33 pm)

    Thanks for the informative article! I had certainly never thought about renaming the admin folder (although knowing me I’d probably have forgotten the name the next time I logged in) but the step-by-step info really does help :) With regards to database backup, since I use Wordpress on the same database, I use a WP plugin to automatically backup the file to another folder on the server, and email the gzipped file to my email account once a day at the very least. However, the latter has stopped working recently due to the size of the .gz file.

  7. 7.

    Kikkerking (February 8th, 2008, 10:48 pm)

    Nothing I haven’t done yet, thanks anyway though. :P

  8. 8.

    DAMINK (February 10th, 2008, 12:34 pm)

    I wouldnt have thought of changing the admin area either.
    Makes complete sence though. Will do that right away.
    Certainly helps when they offer how to do it.
    Keep up the great work.

  9. 9.

    pepotiger (February 10th, 2008, 2:51 pm)

    thanks Tikitiki
    we want to read more in this section :)

  10. 10.

    David (February 13th, 2008, 3:29 am)

    Changing the admin directory might cause problems when you upgrade to mybb 1.4

  11. 11.

    davidm (February 13th, 2008, 8:59 am)

    Great tutorial, few simple steps which can help reduce hacking attempt :)

    About that last comment, why would that cause problem when you upgrade to 1.4 ? As long as the config.php contains the admin_dir setting I sure can’t see how this could cause any problem…

    Plus, don’t you trust the dev team to be consistent ;) ?
    I know I do…

  12. 12.

    Staff Response: Tikitiki (February 13th, 2008, 9:58 am)

    David,

    Changing the admin directory won’t cause any problems as long as you follow the upgrade procedure.

  13. 13.

    andyou (February 17th, 2008, 9:54 pm)

    Thank You Tikitiki .

  14. 14.

    Dick Rose (March 10th, 2008, 1:42 am)

    Am currently considering changing to your BB and currently using WebWiz. The website has member security on a portion using ‘Spooky’. If we were to change to ‘MyBB’ would I be able to easily attach to the ‘Spooky’ user database to couple security issues?

Post a Comment

Note: * indicates required fields.