Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: What Is the Best Way To Add Forums To a Website?

Posted by samzenpus on from the let-my-people-post dept.

First time accepted submitter DustyMurray writes "I am considering adding forums to my website, and am just getting confused by all the options. My first reaction is always DIY. You get better website integration, and it looks and feels 100% how you want it to look and feel. However looking at things like phpBB and Vanilla forums, I will be hard pressed to build a better user experience in a reasonable amount of time. Also these out-of-the-box solutions seem to be shouting 'Easy to integrate with your website.' So, considering this, how easy are these ready build forums really to integrate? I want to be able to insert stuff on certain pages, so it's not either the forums, or my site... It must be a mix. I do not want a second login system on my site. And last but not least, I definitely don't want to have this typical generic look that most forums sport. Can all that be delivered with the out-of-the-box forums that exist today? Which one is the most flexible regarding these wishes?"

51 of 259 comments (clear)

  1. vBulletin by DevTecha · · Score: 5, Informative

    I would say that vBulletin is your best choice. It has a huge amount of features you're going to love.

    Seriously, building something like vBulletin would take you years with all the front-end and admin panel features. It is also customizable to every site so that it can look the same as your site (but maintains the usability users have adjusted to on other sites). This is also performance thing apart from features - you most likely lack the knowledge to make high performance forum as good as vBulletin guys have.

    I've seen large sites that have connected their website with vBulletin, so it is possible. Not only that, but vBulletin actually has vBulletin Connect that lets you build your website around vBulletin. Some CMS (Content Management Systems) also support vBulletin directly.

    One specific large site I use daily did convert from their proprietary system they had used for more than 10 years. vBulletin was their choice, and while it did take a few months to convert that old system, the forum now works much better and supports way more features that users like. If you are making a new site you can obviously do it correctly the first time and skip the conversion.
    If you are doing this as work for a professional site, I would stay away from phpBB and other free solutions. While it's possible to use them, you don't get any support and they're hard to integrate exactly the way you want to. They also tend to lack on the features that something like vBulletin has.

    vBulletin really is your best choice. It's a little pricy, but for what you get the price is more than justified.

    1. Re:vBulletin by stevenh2 · · Score: 3, Funny

      If you want to have the vBulletin look but free and open source, take a look at MyBB. It basically copies the front end of vbulletin. It's also open source.

    2. Re:vBulletin by JMJimmy · · Score: 5, Informative

      As a user I would say don't use vBulletin. Sure it has some great features, but I hate using it.

      phpBB has everything you need, a very active "addons" community, and is much nicer for users. Added benefit, it's free - takes about 10 minutes to get installed, and has enough features and options to keep you busy customizing/configuring for a while.

    3. Re:vBulletin by Cheech+Wizard · · Score: 5, Informative

      I would suggest that you really think about vBulletin and read about the history. It was great when Jelsoft owned it, but it was bought out by Internet Brands and is now a mess. The last "good" version was 3.8.7. Version 4 was a disaster. Version 5 is being sold and is in beta but it really sucks. vBulletin is no longer a "best choice". It was some years ago but these days it isn't. I've been running vBulletin forums since 2001 but stopped "upgrading" at 3.8.7. To make it worse, the Internet Brands people have terrible technical support and - Well, vBulletin used to be the "gold standard". Today, not by a long shot.

    4. Re:vBulletin by Joce640k · · Score: 3, Insightful

      The downside is it will be constantly full of porn+Viagra+poker spam.

      The spammers have got their scripts for attacking all the popular bulletin boards down to a fine art...

      --
      No sig today...
    5. Re:vBulletin by wmac1 · · Score: 3, Informative

      Much more slower than vBulletin, less scalable, uglier, less user friendly and almost non-existing support.

      Almost every phpBB I installed was ridden by spam and got hacked several times. I have given up on phpBB after 10 years of trying.

    6. Re:vBulletin by sstamps · · Score: 2

      Hate to break it to you, but vBulletin gets hacked about as often as anything else out there. In the past 10 years, I've cleaned up about as many hacked vB forums for people as several of the other popular forum packages combined.

      Sure, the primary issue is that people don't keep their software updated, but that is true no matter what software you use. I've setup and ran dozens of phpBB forums, and I have yet to have one hacked, but then I keep them (and the servers they run on) up-to-date.

      --
      -SS "Teach the ignorant, care for the dumb, and punish the stupid."
    7. Re:vBulletin by Gaygirlie · · Score: 3, Insightful

      I've always built my own forum software by hand because that way I can build it as a completely integral part of the website, including features that I need and omitting features I don't need. That said, in general I still agree that it's better to go with a pre-built forum software like e.g. vBulletin -- they most likely know a lot better what they're doing than you do. There is, however, one thing I really feel like pointing out here: always disable all the features you do not need. The more features there are the more likely one or another attack point is available. If you don't need e.g. remote administration then disable it, don't just leave it hanging around.

    8. Re:vBulletin by ILongForDarkness · · Score: 2, Interesting

      About 4 years ago I worked in the anti-spam industry. One of the groups (MAAWG) had a meeting that year and several large telco/ISP representives said that SMS and board spam was on their radar. It seems like it should be relatively trivial to run this stuff through the mail filter pipeline, wrap it up as a email (or even don't as long as your system treats the message like a mail body), grab the IP that it originates from and send it off to your reputation system and see if it pings. Anyone no of a mainstream vendor that has a product in this space? If not I could probably whip something up in a month or so :) I'm thinking redirect post requests through a REST service process the body through a spam engine, and if it is clean relay the request off the the real post on the bulletin server.

    9. Re:vBulletin by Khyber · · Score: 4, Interesting

      My bulletin board/forum is spam-bot secure. Why? Video captcha of animated .GIFs. No spam bot can get through, you *NEED* a human to answer the captcha, as it's a question related to the GIF itself (example, display a short clip of Hajime no Ippo, where Ippo is performing the Dempsey Roll. The question will ask "What move is being performed here?")

      Have fun making a bot with knowledge of every manga/anime ever made with enough horsepower to OCR everything.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    10. Re:vBulletin by Khyber · · Score: 2

      That's when you ban the entire internet by default and set up a whitelist.

      Works just fine for stopping proxyfags in their tracks on Camfrog.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    11. Re:vBulletin by ILongForDarkness · · Score: 2

      But wouldn't the proxies use a limited number of IPs? What happens with email spam is if you relay spam you get blacklisted. Hence people tend to close open relays and/or spammers have huge churn on the servers they can use. As for bots: throttling helps a lot with email spam wonder if it would work here. The company I worked for made an ISP grade anti-spam service that would throttle unknowns down to really slow connection speed, bots simply can't wait around for 10min sending a message. That said neither will the user of a webpage I suppose. You might have to fake it, act like you accepted it, refresh the senders view to show the new message so they think everything is fine but in the background you are verifying that the sender is trust worthy. A reputation system is nice for this because if a bot targets several forums you'll see the same IP showing up from different customers anti-spam systems and can block regardless of whether or not your site has seen the sender before. Mah.

    12. Re:vBulletin by somersault · · Score: 4, Informative

      Uhm.. well I'm guessing it must be a forum about manga/anime, but as someone with more than a passing interest in anime, I still have no idea wtf you're talking about. And after Googling it, it doesn't look like one that I'd watch since I'm not that interested in boxing.. so yeah. Maybe you should choose something that any human could answer, rather than get so specific? Very few people are interested in every single manga/anime out there, considering that a lot of them have very different target audiences.

      --
      which is totally what she said
    13. Re:vBulletin by Osgeld · · Score: 2

      I have administrated a VB fourm and I honestly have never seen one single thing that made it stand out OTHER than the fact that it cost money, and its equals were free.

      CMS? yup
      Support? man those SMF guys have that nailed
      Hard to integrate? not any worse than VB, your going to have to edit a file sometime
      Features? out of the box yea VB, addons no, not even close

    14. Re:vBulletin by Randle_Revar · · Score: 4, Insightful

      Glad I never tried to sign up there. I am no idiot, and I like anime, but even if I *could* figure such a thing out, I can't imagine I would take the time and effort to do so. I might run a few google searches, but I have doubts that that would be enough to find it.

      --
      Climate Progress - Hell and High Water
    15. Re:vBulletin by capnkr · · Score: 2

      SMF (Simple Machines Forum) seconded, coming from someone who's administered both vB and phpBB forums. Once I started using SMF I never looked back, and converted all the other boards I ran to it.

      --
      "...there are some things that can beat smartness and foresight. Awkwardness and stupidity can." ~ Mark Twain
    16. Re:vBulletin by Thesis · · Score: 5, Interesting

      As a long time owner of a vB license, I second the motion to read about the history of vBulletin before making a decision to use their software. When IB bought Jelsoft, it went downhill rather quickly. Many would say, and I have to agree, that vB jumped the shark after the acquisition. Many of us who own and operate boards also agree that version 3.8.7 was the last good version. The management at Jelsoft/IB attempted to morph the software into a catchall social networking solution akin to Facebook, in my eyes anyway. Many of us who have or had "owned" licenses feel that we got screwed, for the terms in licensing changed dramatically beginning with version 4. It turned into a huge money grab in the eyes of many, including myself. Many customers went with other options, and some of us never updated beyond 3.8.7, and are looking for other solutions. Yes, I have tried versions 4 and 5, and they are horrid IMHO.

      It should also be mentioned that some key vB developers left the company as well, for they agreed with many of the customers at that time, that Jelsoft had lost its way. Those developers who left, started to build their own forum software solution from scratch, which is called XenForo ( http://xenforo.com/ ), and is offered to the public as a paid option to forum software. IB got quite pissy over this, and filed multiple court cases against them, which has thus far proved to be fruitless, and appears to be simply a way to make XenFro bleed financially through litigation. http://xenforo.com/community/threads/a-statement-regarding-the-current-litigation.7567/

      I will say that I personally do not think that XenFro is quite yet up to snuff, when compared to older versions of vB, or other paid solutions. I do hold hope that one day soon it will be.

    17. Re:vBulletin by Cheech+Wizard · · Score: 2

      In my case, when Jelsoft allowed "Owned" licenses and a "Brand Free" license some years back, I paid for them and I can't say I'm even looking to upgrade in the near future. My forums are so highly modified that it will be a while before I *have* to move on.

      I haven't tried 4 or 5 but I have read enough about them to know not to waste money on them. I can't say I felt screwed when they changed their licensing changes - Nothing is forever and as with all software, when a major revision comes out I pay for an upgrade or, if they don't give update discounts, I just buy it and get on with life.

      This is a case of where there were a few very talented people who turned out very good software, charged for and licensed in a way I thought was fair, but was bought out by a big company which killed it which is the norm - Big company buys small, but innovative company and destroys it through greed and incompetence. vBulletin today stands only on its reputation from years ago.

    18. Re:vBulletin by antdude · · Score: 3, Insightful

      What about accessibility? Are you blocking those who have vision problems? :(

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    19. Re:vBulletin by lothos · · Score: 2

      another recommendation for SMF here. I run it on two forums and highly prefer it over both VBulletin and Phorum.

      --
      Hosting and Domain name coupons
    20. Re:vBulletin by Pseudonym+Authority · · Score: 2

      No. The spammer starts a porn site, then makes humans break the CAPTCHAs to get titties. Except the CAPTHCAs are really harvested from other sites, and when a human breaks one, it is used to make an account and spam.

    21. Re:vBulletin by AmericanBlarney · · Score: 2

      My bulletin board/forum is spam-bot secure. Why? Video captcha of animated .GIFs. No spam bot can get through, you *NEED* a human to answer the captcha, as it's a question related to the GIF itself (example, display a short clip of Hajime no Ippo, where Ippo is performing the Dempsey Roll. The question will ask "What move is being performed here?")

      Have fun making a bot with knowledge of every manga/anime ever made with enough horsepower to OCR everything.

      Every gif file has a name, filesize, hash, etc... and with a few bucks and the Mechanical Turk, I bet they can map one of these unique identifiers to the answers to your captcha, and hello spam city! I'm guessing you're really experiencing security through obscurity, which isn't real security.

    22. Re:vBulletin by Fjandr · · Score: 2

      I'd also recommend SMF, after having run PHPBB2, PHPBB3, Invision's free board, and having dabbled with a number of others.

    23. Re:vBulletin by JMJimmy · · Score: 3

      Re:vBulletin, posted to Ask Slashdot: What Is the Best Way To Add Forums To a Website?, has been moderated Funny (+1).

      It is currently scored Normal (2).

      Re:vBulletin, posted to Ask Slashdot: What Is the Best Way To Add Forums To a Website?, has been moderated Informative (+1).

      It is currently scored Funny (3).

      Re:vBulletin, posted to Ask Slashdot: What Is the Best Way To Add Forums To a Website?, has been moderated Overrated (-1).

      It is currently scored Funny (2).

      Re:vBulletin, posted to Ask Slashdot: What Is the Best Way To Add Forums To a Website?, has been moderated Interesting (+1).

      It is currently scored Funny (3).

      Re:vBulletin, posted to Ask Slashdot: What Is the Best Way To Add Forums To a Website?, has been moderated Insightful (+1).

      It is currently scored Funny (4).

      Re:vBulletin, posted to Ask Slashdot: What Is the Best Way To Add Forums To a Website?, has been moderated Flamebait (-1).

      It is currently scored Funny (3).

      Can I get an underrated? lol

    24. Re:vBulletin by portnoy · · Score: 2

      Writing a program that solves a Calcudoku is pretty simple, actually. Hell, a 6x6 only has a couple hundred possibilities; that's a piece of cake to brute-force. I think right now you're more relying on security through obscurity -- it's not been broken because it's not yet used often enough to be a tempting target for a spambot creator.

  2. Be Careful by stewsters · · Score: 2, Insightful

    They arn't particularly easy to modify without making them hard to update. And updated common web software like that makes you an easy mark for hackers once they put out the next revision. I record all the 404s to our website and you would be surprised how many go to addresses of admin pages on things like WordPress. So if you do go that route to save time, but it on a different box and make it a priority to keep up to date.

    1. Re:Be Careful by Joce640k · · Score: 2

      Yep. If you modify anything in the code your life will be a constant battle of re-integrating your changes into every new release that appears.

      --
      No sig today...
  3. Begging the question by Anonymous Coward · · Score: 3, Insightful

    Should you add a forum to a web site? Are you ready to moderate it, defend it against spammers and irate users, manage lost passwords and deal with intellectual property disputes? A forum doesn't sleep, a forum doesn't go on holiday.

    1. Re:Begging the question by Jeremiah+Cornelius · · Score: 2

      A forum doesn't sleep, a forum doesn't go on holiday.
      I think you might be new here, on Slashdot. :-)

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    2. Re:Begging the question by kenh · · Score: 2

      It's his website, he apparently already requires users to log in ('doesn't want another login on his site').

      If it were a public site I'd agree with you, but as a somewhat protected area on the "intertubes" he should be OK.

      --
      Ken
  4. Drupal by cultiv8 · · Score: 4, Informative

    Drupal core forum combined with the advanced forum will meet your requirements. We used this approach for IFC, see it here.

    --
    sysadmins and parents of newborns get the same amount of sleep.
    1. Re:Drupal by Nemyst · · Score: 3, Interesting

      I'd warn against Drupal. Since it leverages the rather hefty node structure in Drupal, it's very hard to scale up properly. For a forum like what you've linked, with less than a thousand posts, that's fine, but a forum with tens of thousands of posts slows down to a crawl where phpBB or other dedicated forum solutions have no issue running.

      I'm sure you can optimize Drupal further, but it requires a lot more work than using a straight, if not integrated, forum package.

    2. Re:Drupal by cultiv8 · · Score: 3, Informative

      forum_access offers a decent performance improvement for mid-large sized forums, it uses the ACL module which helps to reduce number of joins with the node_access table, which is where a lot of performance issues come from. Nanawrimo is a good example of a decently optimized Drupal forum site, they get about 100k nodes/year, not to mention groups.drupal.org or drupal.org, which average about the same.

      The truth is that any site with > 10k authenticated users a month and 100k+ user generated posts is going to need performance tuning.

      --
      sysadmins and parents of newborns get the same amount of sleep.
  5. Here is an example of.... by 3seas · · Score: 2

    ...what you may have to deal with.... This forum board has been closed for quite some time and still I get tons of registrations....
    http://abstractionphysics.net/phpBB2/

    Maybe consider contributing to a honeypot should you chose to pursue a forum. https://www.projecthoneypot.org/

  6. Take all the recommendations you get here ... by tlambert · · Score: 4, Interesting

    Take all the recommendations you get here ...and then:

    (1) Get the number of CERT advisories for each of them
    (2) Get the percentage market share of each one of them
    (3) Calculate (#2 * 100) / #1
    (4) Whoever is left with the largest number, pick that one

    For example, the calculation above for bbPress, which is a WordPress plugin, would also need to take into account the number of WordPress only CERT advisories, plus those for any plugins besides bbPress you felt it necessary to use, and the resulting number would let you write off using bbPress. Likewise, anything that used Java as an implementation detail would probably get written off due to the number of security holes which have been found in Java. Anything with an SQL back end would have to take into account SQL injections for the other components you intended to use, and so forth.

    Ideally, you would probably put your forums on an isolated machine, rather than hosting everything on one machine, which would drastically reduce the attack surface -- and this would become pretty crystal clear to you after you performed the calculation exercise.

    1. Re:Take all the recommendations you get here ... by Giant+Electronic+Bra · · Score: 3, Insightful

      1) You seem to know nothing about Java and JVM security. It is immaterial what language you are using on the server-side, Java is no more or less secure than any other.

      2) What difference does it make what the market share of a piece of software is. It is either SECURE or NOT SECURE. If it is not secure then it doesn't matter if one person uses it or 3 million, it is still not secure.

      When evaluating the security of a web application there are many considerations (I've actually taught web app security courses and done all this stuff). You should certainly look at how many advisories there are on a given product. You should also see when these happened, how they were resolved, etc. It may be better to use an application that has had numerous issues that have been promptly fixed for instance. How easy are updates to roll out? How soon do fixes come out? Can you review the source code to look for good coding practices and engineering? As for SQL does the product EVER use anything but bind params? If it does construct dynamic SQL that's a red flag, but it MAY be OK if ALL input parameters are carefully cleaned (bonus points of something like perl's taint mode is in use). Ideally you'd also want to run a full security scan against your test install with a good fuzzer and see what happens. If you can easily shake out bugs yourself then that's a red flag too.

      In other words you really can't sort out the security of an application by any simple formula, and certainly you need to use the right considerations. Anyone interested in getting more detailed advice would do well to start with something like OWASP https://www.owasp.org/index.php/Main_Page

      --
      "Malo periculosam, libertatem quam quietam servitutem." -- Jefferson
    2. Re:Take all the recommendations you get here ... by gman003 · · Score: 3, Insightful

      Yes, because changing your entire back-end architecture is a more logical move than escaping your strings or using parameterized queries or any of the other tools that can not only eliminate SQL injection vulnerabilities, but often make the code easier to write and read.

    3. Re:Take all the recommendations you get here ... by tlambert · · Score: 2

      1) You seem to know nothing about Java and JVM security. It is immaterial what language you are using on the server-side, Java is no more or less secure than any other.

      I only gave it as an example of a potential attack surface; it depends on how the scripting engine based on the back end works, and if it's injectable. I've seen code snippets for Java code handed back to the back end, with the code handed back being in the front end web page. An attack on that, even for a serialized object, is as simple as writing a transcoding proxy to substitute your serialized objects for the intended serialized objects, thereby compromising the back end JVM. I'd also point out that a shop running Java back ends is much more likely to also run Java front ends, and depend on the security model. This is certainly true for e.g. the Cisco VPN client that is so impossible to pry out of corporate hands because of the additional licensing costs for the Cisco servers in order to move to newer technologies.

      2) What difference does it make what the market share of a piece of software is. It is either SECURE or NOT SECURE. If it is not secure then it doesn't matter if one person uses it or 3 million, it is still not secure.

      It matters because the number of successful attacks should be more or less linearly proportional to market share. You would expect software with a larger market share to be more heavily targeted than software with a smaller market share, and therefore, everything else being equal, you would expect the number of exploits to fit the same curve. But all things aren't equal, and generally that inequality boils down to relative code quality/attack surface. Yes, you could question the value of N in a 1:N linear relationship (my suggested calculation used N=1), but it should be clear that the relationship between available targets and attacks on particular targets would have a naturally linear economic saddle, unless you were targeting a particular entity, rather than a particular technology. Since selling exploits is the typical business model for the exploit developer, unless we are talking about a government agency or vendetta sponsored hack, economics run the show.

  7. Invision by xQuarkDS9x · · Score: 3, Interesting

    In the last decade I was using Invision forum software not only because it was a very nice alternative to vbulletin and phpBB but it also seemed quite popular as well. They do have a demo for the Community Suite here - http://www.invisionpower.com/demo/ if you want to try it out.

    --
    You must master your joystick like a fisherman masters bait! - Gimpy
  8. phpBB by patchouly · · Score: 2

    I've set up several forums on my home server and I co-admin on a professional forum. The pro forums are running UBB Threads. Great software, but a little limiting. For my forums, I run phpBB. The software is easy to install, easy to upgrade and easy to mess around with. There are "mods" for practically any feature you'd want to add and with the easy integration, it's as simple as pointing the control panel to the installation file for the mod you want. Their forums are top notch and pretty much any questions you may have are there, already answered. If not, they are quick to help out. Best of all, phpBB is completely free. One thing I'd recommend is a basic, working understanding of HTML, CSS and some PHP. If you can't program in these languages, at the very least, you'll need to be able to edit existing code if you want to change your look. However, it should be noted that there are thousands of "skins" out there, all of which can easily get you really close to the look you are going for and then minor changes (like switching out the logo) are easy. Read through the forums, have a look at some of the forums people have built and, if you want to give it a try, download it and mess around for a bit. Because it's free, if you don't like it, there is no loss!

  9. you're posting this question on a forum... by magarity · · Score: 2, Funny

    Do they no longer give away slashcode?

  10. Depends by Arancaytar · · Score: 3, Insightful

    There are multiple very good forum software projects, and I have no clear preference. phpBB and SMF are good standalone solutions; Drupal is powerful if you're looking to have much more than a forum. LAMP (as in PHP/MySQL) is by far the most popular technology. Ruby and Python might be more stylish, but most of the PHP software has had years of continual improvement. Best get several of them (Wikipedia has a complete list) and try them out locally for comparison.

    Only two things I'd recommend against:
    - First, on absolutely no account try to write your own from scratch. The best projects now available have been in development for almost ten years (more in some cases). This is an extremely complex application with many pitfalls in design, database architecture, extendability, and security. If you were the best programmer in the world, it would take you months of constant testing and bugfixing before you had anything approaching stability; and you'd spend the coming years finding security holes and fixing design mistakes.
    - Second, avoid commercial solutions if possible. They're not usually better. Also, you should factor in not just the purchase price but the continual costs of upgrades and user-contributed addons. One good commercial board I've worked with is IPB, but that's only in recent versions after years of development - and I still prefer phpBB.

    1. Re:Depends by sandytaru · · Score: 2

      SMF has been the most error free of the various systems I've admin'd over the last decade. The only time the entire forum went down was when I forgot to renew the domain by accident.

      --
      Occasionally living proof of the Ballmer peak.
  11. The Forum Matrix by thenendo · · Score: 5, Interesting

    I recently had to select a forums solution for my company, and this site proved extremely useful: http://www.forummatrix.org/

    It catalogues tons of closed and open-source forum products coded by dozens of variables, and lets you compare them in a big matrix. Very useful if you have constraints/preferences like "works with SQL server" or "isn't PHP", etc.

    My main complaint about it is that some of the data are out-of-date, but it is still a great starting point.

  12. Re:Can't believe this got through submission queue by Anonymous Coward · · Score: 3, Insightful

    You're a dick. We should ban people from posting LMGTFY links on Slashdot just like we did on stackoverflow.

  13. Interesting joelonsoftware article on this... by snowball21 · · Score: 3, Insightful

    http://www.joelonsoftware.com/articles/BuildingCommunitieswithSo.html

  14. Simple Machines by Cito · · Score: 3, Informative

    SMF - http://www.simplemachines.org/

    what I use and with the GIGANTIC plugin support it's amazing. I never get spam problems, I have SMF set to use my wordpress logins for authentication, which means my wordpress uses Akismet to block spam therefore SMF uses it also since SMF users are set to be same as my wordpress users. Uses same database for logins.

    Which sounds like what you are looking for, users log in to your website means they are logged in to both wordpress and smf with 1 account automatically.

    SMF forums also have "bulletproof security" plugins similar to Wordpress that monitor sql threats, use 301 redirects and htaccess to shore up any problems it may think can happen.

    course nothing is 100% but I love SMF and it's huge versatility, offers more plugins and themes than other stuff like phpbb/vbulletin. And my opinion is more secure when merged with sites like wordpress using Akismet for accounts.

  15. Don't do what we did. by anorlunda · · Score: 2

    Our club went with a turnkey site host (wild apricot). We didn't ask enough questions about their forums. Here's some of the things we forgot.

    Support for videos and pictures in posts. Should be at least as easy as blogger.com.

    The ability to host the pics and videos on storage we control. Sites like picasa, snapfish, or even YouTube may not be around forever.

    A versatile engine to search old posts.

    The ability to backfill or forum history from our previous site.

    The ability to export forum archives from the new site in a format useful to backfill some future provider's forum.

    I also miss having a way to migrate or reformat old forum threads into wiki articles.

    Maybe your users don't post things that have archival value. If so, then they are easier to support.

  16. Disqus by bucktug · · Score: 4, Informative

    http://disqus.com/

    Customize it with CSS... call it a day. Forums are just pages with styled links. Your server doesn't suffer the load... the federated login is handled by others...

    --
    I had a flame... but she had a fire.
  17. Keep it up to date!! by EmperorOfCanada · · Score: 2

    Two things, one these products have huge attack surface areas along with a huge number of machines making them attractive targets. The simple fact that most are open source any code updates are often then maps to the just plugged vulnerabilities. So make sure you are religious about keeping it up to date.

    Next I love a consistent look and feel as it seems so do you. So when you customize the forum make sure that you do it through their plug-in/addon/template system and don't just reach into the code to customize it. The simple reason is the first part of what I wrote. You will want to keep that puppy up to date and this will then wipe out your changes if you don't do it through the "approved" way. Once you start noodling their code you will then be tempted to delay an upgrade while you insert your changes in their new code. Don't! Some of the holes in various forums allow evil doers to pwn your machine. (insert offensive saying as to just how pwned it will be). Also keep in mind these evil doers run automated scripts making lists of machines that they can someday pwn.

  18. Slashcode? by okmijnuhb · · Score: 2

    How hard is it to implement Slashcode?