Part of being an administrator is ensuring that your members and your site remain safe. This can be a daunting task if you aren’t proactive with your efforts.

 

What measures do you take to secure your forum? What methods are automated and what do you do manually to help with site security?

Personally, I'm confident enough in my own security to not need to take many "active" steps to secure websites I run. Aside from making sure security updates/packages are installed as soon as possible when available there's not much else to do.

 

A lot of my time when running a forum previously was spent dealing with members who had their accounts compromised. If I was thinking of running a decently sized forum/website again anytime soon I definitely think I'd be taking advantage of 2 factor authentication options (as I already do for my own website admin logins) to prompt members into maintaining good account security procedures and minimising the risk of needing to help with account recoveries.

I use two factor authentication on my forum, cpanel and whm.

 

I also make sure that SecfilterEngine is On in Htaccess along with SecFilterScanPost, which are both related to modsecurity and help protect your site from malicious requests & unwanted traffic.