Topic: Buddypress Security · BuddyPress.org

Skip to:: Content; Pages; Categories; Search; Top; Bottom

Buddypress Security

@mcuk
Participant

@mcuk

8 years, 9 months ago

Hello all,

I am currently looking into the methods for beefing up the security of a website I’ve been building with BuddyPress before taking it live (spam users, brute force attacks, options around wp-login, SSL etc.).

1. Specifically when it comes to BuddyPress, does a default user with a Subscriber role pose any threats to the integrity of the site or to other users? I ask because I am trying to anticipate what would happen if a user (with Subscriber role) had their account hacked.

2. I have already taken the precaution of hiding the administrator member from being visible to other site users but are there any other issues/precautions I should be looking into?

3. Securing the data of the users is obviously a priority. So I’m just looking for any problems/solutions faced by those using BuddyPress on their sites

Cheers!

Viewing 3 replies - 1 through 3 (of 3 total)

shanebp
Moderator

@shanebp

8 years, 9 months ago

1. On a standard install, if somebody was able to log in as a subscriber, they can mainly be annoying: generating lots of Notices and maybe emails, inappropriate content, etc.

In general, read up on ‘wordpress hardening’.

Henry Wright
Moderator

@henrywright

8 years, 9 months ago

I echo what @shanebp said.

Ref: https://codex.wordpress.org/Hardening_WordPress

@mcuk
Participant

@mcuk

8 years, 9 months ago

Thanks @shanebp & @henrywright 🙂

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Buddypress Security’ is closed to new replies.