Enable Production Mode ¶
By default HumHub is operating in DEBUG mode, which besides others uses a different error handling and non combined
assets. Before opening your installation to the public you should enable the production mode first by commenting out the
following lines of the
index.php file within your HumHub root directory:
[...] // comment out the following two lines when deployed to production // defined('YII_DEBUG') or define('YII_DEBUG', true); // defined('YII_ENV') or define('YII_ENV', 'dev'); [...]
Note: In this example the lines are already commented out.
You should also delete the
index-test.php file in your HumHub root directory if existing.
Protected Directories ¶
Make sure the following directories are not accessible by web:
Info: By default these folders are protected with a ".htaccess" file.
Limit User Access ¶
If you're running a private social network, make sure the user registration has been disabled or the approval system for new users has been enabled.
- Disable user registration:
Administration -> Users -> Settings -> Anonymous users can register
- Enable user approvals:
Administration -> Users -> Settings -> Require group admin approval after registration
- Make sure guest access is disabled:
Administration -> Users -> Settings -> Allow limited access for non-authenticated users (guests)
Keep HumHub Up-To-Date ¶
As an admin you'll receive notifications about new HumHub releases. We strongly recommend to always update to the latest stable version if possible. Check the automatic or manual update guide for more information about updating your HumHub installation.
Furthermore, you should regularly check the
Administration -> Modules -> Available Updates section for module updates.
We take security very seriously, and we're continuously improving the security features of HumHub.