Social Networking for Civil Society



Security Recommendations

Usernames and Passwords

  • Use long, random passwords for administrators (and moderators).
  • Don't use the same passwords that you have used at other websites.
  • Enter your password only over connections using SSL (https).
  • Consider keeping the administrators invisible and choosing usernames for them that are difficult to guess.
  • Make use of the feature to temporarily block IP addresses after repeated failed logins.
  • Avoid giving administrator (or moderator) permissions to users who sign in via other services like Facebook.


Database

  • For normal operation, use a database user in config.ini who has reduced permissions. 1)
  • Avoid sharing the database with applications that may not be secure.
  • Create frequent database backups.

Web Space

  • Use a hardware firewall or a service like Cloudflare to shield the site from known attackers.
  • Avoid installing software that may not be secure in the same file tree. 2)
  • Use encrypted connections to access the files via FTP.
  • If you run your own server, keep the operating system and software up to date.
  • Keep permissions of files and folders at the required minimum (most don't need write permissions).
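
One way to check the last point on a Unix-like host, as an added example that is not part of the software's own tooling: the script lists files and directories under the web root that are writable by group or others, skipping subdirectories that legitimately need write access. The function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example. Audits a web root for group- or world-writable entries.
# Usage (paths are hypothetical):  audit_writable /var/www/site uploads cache

# is_allowed PATH ROOT [ALLOWED...]
# Succeeds if PATH is one of the ALLOWED subdirectories of ROOT or lies below one.
is_allowed() {
    p=$1; r=$2; shift 2
    for a in "$@"; do
        case $p in
            "$r/$a"|"$r/$a"/*) return 0 ;;
        esac
    done
    return 1
}

# audit_writable ROOT [ALLOWED...]
# Prints every file or directory under ROOT that has the group-write or
# other-write bit set, except entries inside the ALLOWED subdirectories
# (given relative to ROOT). Paths containing newlines are not supported.
# Returns 0 if nothing was found, 1 if there are findings, 2 on a bad ROOT.
audit_writable() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $1" >&2; return 2; }
    shift
    hits=$(
        # find does not follow symlinks by default; -perm -020 and -perm -002
        # test the group-write and other-write bits respectively.
        find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print |
        while IFS= read -r path; do
            is_allowed "$path" "$root" "$@" || printf '%s\n' "$path"
        done
    )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}
```

The non-zero return value on findings lets the check run from cron or a deployment script and fail loudly when permissions drift.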

This list is a work in progress.

Anything missing? Please let us know.

1) You may have to change the user for updates.
2) E.g. software or plugins that are under development or whose authors don't seem to care about security.
