How to improve the security of phpBB3
Here are some suggestions on how to make your phpBB3 board more secure:
- Update your phpBB3 application when there's a new upgrade package.
- Back up regularly the phpBB3 files on your account and the database used by the application.
- Make sure your admin password is complex and long enough. Use a random combination of upper and lower case letters, numbers and symbols. Change the password from time to time.
- Change the user registration settings, so that users have to choose longer and more complex passwords. Enable account activation.
- Block access to the admin directory for all IP addresses except yours.
- Rename the phpBB3 admin directory.
- Disable dangerous PHP functions.
- Make sure your phpBB3 is in its own separate database. Use different usernames and passwords for each of your databases.
- Check the file and folder permissions of the phpBB3 files on your account. Make sure there are no world-writable permissions (e.g. 777, 666).
For some more details check out the phpBB3 Security Tutorial.