Disable Errors / Debugging ¶
- Modify index.php in your humhub root directory
[...] // comment out the following two lines when deployed to production // defined('YII_DEBUG') or define('YII_DEBUG', true); // defined('YII_ENV') or define('YII_ENV', 'dev'); [...]
- Delete index-test.php in your humhub root directory if exists
Protected Directories ¶
Make sure the following directories are not accessible by web:
By default these folders are protected with a ".htaccess" file.
Limit User Access ¶
If you're running a private social network, make sure the user registration has been disabled or the approval system for new users has been enabled.
- Disable user registration:
Administration -> Users -> Settings -> Anonymous users can register
- Enable user approvals:
Administration -> Users -> Settings -> Require group admin approval after registration
- Make sure guest access is disabled:
Administration -> Users -> Settings -> Allow limited access for non-authenticated users (guests)
Keep up with the latest HumHub version ¶
As an admin you'll receive a notification when a new HumHub version has been released. We strongly recommend to always use the latest stable version when possible.
We take security very seriously, and we're continuously improving the security features of HumHub.