Keep your vBulletin Secure!

There seems to have been a rather large recent influx of topics at some webmaster sites about vBulletin forums security being compromised. Well if these simple steps are followed you won’t have a thing to worry about. These tips provide some extreme solutions such as never using a modification on your board but if you want the utmost security this is how to obtain it.

1. Always, use the latest STABLE release of vBulletin
2. Never install modifications that are from 3rd party sites (this includes vBulletin.org). Only trust vBulletin developers. And if you choose to install modifications, only install modifications that you MUST have! Do not install modifications, just to install modifications.
3. Move your admincp and modcp directories, and then use a .htaccess file to protect them even further
4. Never leave any upgrade*.php files in your install folder, it should only contain a few files like mysql-schema.php
5. Make sure that tools.php is no place on your server!
6. Remove all impex files if you’ve used impex
7. If phpMyAdmin is accessible from the web, such as yourdomain.com/phpmyadmin use .htaccess protection for this as well
8. NEVER EVER ALLOW HTML IN POSTS OR ANY WHERE ELSE ON YOUR FORUMS
9. Use strong passwords that mix letters and numbers like: k45Dft^gf, make sure your fellow site staff also follow this guideline
10. Do not upload the do_not_upload directory…duh.
11. Update your config.php to have your ID as unalterable and undeletable.
12. Use random passwords at each site, never use the same one over and over again.

These tips will help protect your vBulletin, BUT vBulletin can only be as secure as you, and your host are. vBulletin can not protect you against your own stupidity, or your hosts lack of proactive security. Remember to keep backups, and we’ll discuss that later