In this tutorial we will review the security features that Simple Machines Forum 2.0.x provides us with. In order to check and change the secure configuration you will need to login as the administrator of the forum. After the successful authentication navigate to the Security and Moderation menu via Administration Center>Configuration>Security and Moderation.
This page of the Configuration offers several security related settings that we can configure in order to meet our needs.
The general option will allow you to lock down some of the personal information that is being handled on your website. For example, you will be able to hide contact details of your members to guests on your forum, set a trigger for failed login attempts and many more features that will protect your forum better.
The options that we recommend using are:
The Anti-Spam configuration in SMF provides three options that will strengthen it properly. The first section is the Anti-Spam Verification. The options in it allow us to set verification checks in order to ensure the user is a human and not a bot. There are a lot of options that you can configure for the purpose and we recommend reviewing them carefully for proper setup.
The second section is called Configure Verification Methods. It allows you to set which anti-spam features we wish to have enabled whenever a user needs to verify they are a human. The user will have to pass all verification so if you enable both a verification image and a question/answer test they need to complete both to proceed.
If you have enabled the options above, you also have to configure the Verification Questions. We should pick relatively simple questions; answers are not case sensitive, though you should not use a 0 (zero) or a space as an answer to a question. You may use BBC in the questions for formatting, to remove a question simply delete the contents of that line.
Congratulations! Now your Simple Machines Forum application is more secured.