Earlier today, tmhai at MyBB Games published an article on 10 simple changes to safeguard your MyBB forum. All of these are simple to do and will increase security. We encourage you to read the article and take heed of the ideas presented.
I think making backups is one of the most important things to do (although many of us are indeed too lazy to do so on a regular basis). Having a backup will allow you to revert to a previous state in the event that your forum does get compromised (or if you screw something up). The Auto MySQL backup script that is linked in the article is actually a shell script, and might be a bit complicated for the novice MyBB user to set up. This one at Dagon Design is a PHP script (which most of us here are more familiar with), but of course it would be limited by the PHP execution time and memory limits, if your server has any.
Changing the topic now, one point that wasn’t mentioned and that I’d like to bring up is plugins and modifications. Although these third-party modifications may seem nice and have cool features, the code behind them may introduce holes or back doors into your system. The most common hole is probably SQL injection, which can get pretty nasty; it occurs when the plugin or modified code places user input into a database query without escaping it properly. Unfortunately, there’s no simple way to verify whether or not a plugin/modification is safe, but we recommend that you stick with modifications posted on MyBB Mods, which have undergone validation by the administrators there. Just as MyBB should always be kept up to date, you should ensure that your plugins and modifications are kept updated so that any known bugs are fixed.
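What an unescaped query looks like in plugin code, next to its corrected form. This is an added example, not code from the MyBB Games article or from any real plugin: the plugin name `memberlookup` and the request parameters `gid` and `name` are hypothetical, while `$mybb->input`, `$db->escape_string()` and `$db->simple_select()` are MyBB's own.

```php
<?php
// Added example: "memberlookup" is a hypothetical plugin, not real MyBB Mods code.
if (!defined('IN_MYBB')) {
    die('Direct initialization of this file is not allowed.');
}

// BEFORE: request values are concatenated into the WHERE clause as-is, so
// whoever sends the request controls part of the SQL statement.
function memberlookup_vulnerable()
{
    global $mybb, $db;

    $where = "usergroup=" . $mybb->input['gid']
           . " AND username='" . $mybb->input['name'] . "'";

    return $db->simple_select('users', 'uid, username, postnum', $where);
}

// AFTER: numeric input is forced to an integer, and string input is escaped
// by the database layer before it is placed inside the quotes.
function memberlookup_hardened()
{
    global $mybb, $db;

    // Missing parameters fall back to harmless defaults.
    $gid  = isset($mybb->input['gid']) ? intval($mybb->input['gid']) : 0;
    $name = isset($mybb->input['name'])
          ? $db->escape_string($mybb->input['name'])
          : '';

    $where = "usergroup={$gid} AND username='{$name}'";

    return $db->simple_select(
        'users',
        'uid, username, postnum',
        $where,
        array('limit' => 1)
    );
}
```

When reading through a plugin before installing it, any `$mybb->input[...]` value that reaches a query string without `intval()` or `$db->escape_string()` in between deserves a closer look.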
Good luck securing your forum.