Running a forum is not technically difficult these days. But it is to keep it up and running without hassles. Apart from the hosting woes, you need to deal with spammers, hackers and what not.
Secure your hosting
Let us hope your host is smart enough to handle DDoS attacks using CloudFlare or similar technologies. And make sure that you give proper permissions to directories and files have proper permissions that meets industry standards. Avoid anything that give 777 permissions on your hosting. That would be an open invitation to someone who wishes to malice your website. For those who do not know, 777 will allow anyone ( ie, user, group and world ) to read, write and execute permissions on your hosting.
Make sure you change your cPanel (or other control panel if you use something different ) log in password if you had to share it with someone else ( avoid this if possible ). The same applies to your FTP password.
Make sure you verify the security of whatever you install on your hosting. Some scripts in billing or for control panel might give security issues you never thought of.
Stop access to Admin Control Panel ( ACP )
The next security vulnerability is through your script. Normally, admins are given a lot of privileges that can be misused by hackers. Most basic of precautions is to limit access to Admin Control Panel to an IP range in which you operate.
Some scripts give Two Factor Authentication(2FA) feature as well. Make use of it and use your phone or email to add another layer of security to your admin control panel.
Another chance of getting ACP access compromised is when you start distributing admin accounts. This can be operations based in which you add more admins to your forum or give someone an admin account in order to get some troubleshooting done. Both are however highly discouraged if you do not want your forum's safety compromised. It would be better to give admin account with restricted access ( ie, no access to templates and similar ) if you cannot avoid giving access to admin control panel.
Also revoke the admin account once you finish the troubleshooting activity. It will be prudent not to hand over admin control panel access to some untrustworty or unknown person. Also, acquire some basic coding skills to go through your core templates and make sure no malicious code has been added to it when you shared the admin control panel access.
Make sure you are up to date
Always use scripts which give regular updates that fix potential vulnerabilities. The same applies to your themes and plugins. Build a tech team that will monitor info about release of new updates and keep your forum script and addons updated. It would be a bad lookout if you update just the core and leave addons or themes vulnerable to attack from hackers.
Scan and check if your forum is already compromised
Use some website scanning tool like Sucuri (sitecheck.sucuri.net/) to make sure that your are not already victimized. This gives you an option to correct your previous errors and fix it.
I have checked admin-hub and it came clean
Good luck and happy foruming.
The post was edited 1 time, last by meetdilip ().