Security and general tweaking?

quad3datwork

quad3datwork

Aspirant
Joined
Sep 8, 2015
Messages
12
I searched online and around and couldn't find anything... are there any WBB performance and/or security tweaking guides around?

Like, PW brute force protection against uid 1, and any Admin accounts. Or hide member's list, etc. Change admin page URL or PW protect it, etc.

I can see WBB is fairly secured already. But I'd like to know there are further tweaks. Any inputs are appreciated! Thx!
 
TimWolla

TimWolla

Developer
Joined
Jun 30, 2014
Messages
112
Hi

the first question for “security tweaking” should be: “What do I want to protect against?”. A determined attacker won't be stopped by moving the administrator's control panel folder (which is not supported by the software anyway), while the average attacker probably won't even manage to get past the authentication.
We make sure that the software is as secure as possible with a stock installation. That means that we make sure that the doors (the login) are properly locked. Therefore it is not necessary to move the doors (move the folder), so the attacker does not find them.

Just make sure you use strong passphrases and secure the webhost as well. From my experience the cause of most issues is a stolen FTP password.

That being said there are a few plugins that provide a real benefit against stolen passwords:
https://pluginstore.woltlab.com/file/2073-extended-login/
https://pluginstore.woltlab.com/file/1463-tim’s-2-factor-authentication/
 
You must log in or register to reply here.
Top