Because PHP-Nuke is so popular, it is frequently attacked by those who are looking for security flaws. Since it contains a port of phpBB2, it also has to deal with the security issues of that piece of software.
It is important to note that many of the security risks may be blocked by following a few key guidelines:
- Never use the default table prefix; change it to something unique and do not publish it;
- Disable PHP's register_globals setting;
- Disable PHP's display_errors setting;
- Do not use versions that include the TinyMCE WYSIWYG Editor. Many security features had to be removed from PHP-Nuke in order for this editor to work.
In a production environment, the above will keep critical information from leaking. Since many SQL injection attacks use the default table names, changing the prefix is a good idea - one not much discussed.
These recommendations do not apply only to PHP-Nuke. Following them is suggested for any PHP-based content management system.
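The first three checklist items can be verified offline from a copy of the server's php.ini and the site's config.php. The audit script below is an added example, not part of the original tutorial or of PHP-Nuke; it assumes the stock prefix is `nuke` and that `$prefix` and `$user_prefix` are the config.php variables holding it, and its sample inputs are constructed.

```python
import re

# Constructed samples, not taken from a real site.
SAMPLE_PHP_INI = """\
; constructed php.ini excerpt
register_globals = On
log_errors = On
"""
SAMPLE_CONFIG_PHP = """\
<?php
// constructed excerpt of a PHP-Nuke config.php
$prefix = "nuke";
$user_prefix = "nuke";
"""

DEFAULT_PREFIX = "nuke"  # assumption: prefix shipped in the stock config.php
# PHP's built-in values when php.ini does not set the directive.
PHP_DEFAULTS = {"register_globals": "0", "display_errors": "1"}
ENABLED = {"1", "on", "yes", "true", "stdout", "stderr"}

def ini_value(ini_text, key):
    """Last value assigned to `key` in php.ini text, else PHP's default."""
    value = PHP_DEFAULTS[key]
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line)
        if m and m.group(1).lower() == key:
            value = m.group(2).strip().strip("\"'")
    return value

def php_var(config_text, name):
    """Value of a quoted string assignment such as $prefix = "x"; or None."""
    pattern = r"^\s*\$" + re.escape(name) + r"\s*=\s*[\"']([^\"']*)[\"']\s*;"
    m = re.search(pattern, config_text, re.M)
    return m.group(1) if m else None

def audit(ini_text, config_text):
    """Return findings for the first three checklist items."""
    findings = []
    for key in PHP_DEFAULTS:
        val = ini_value(ini_text, key)
        if val.lower() in ENABLED:
            findings.append(f"{key} is enabled (effective value: {val})")
    for var in ("prefix", "user_prefix"):
        if php_var(config_text, var) == DEFAULT_PREFIX:
            findings.append(f"${var} still uses the default table prefix")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PHP_INI, SAMPLE_CONFIG_PHP):
        print("FINDING:", finding)
```

The sample php.ini never sets display_errors, so the script falls back to PHP's built-in default of on and still reports it; a missing directive is not the same as a disabled one.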
The PHP-Nuke project has been forked many times by different people, for different reasons. The most popular of these are:
- Zikula - based on PHP-Nuke 5.0. Zikula is a flexible Open Source Application Framework. With Zikula you can build almost any kind of website. It can be used as a simple weblog or as a high end ecommerce business portal.
- Dragonfly CMS/CPG-Nuke - based on PHP-Nuke 6.5 with Coppermine Photo Gallery included.
- Nuke-Evolution - based on PHP-Nuke with many security fixes, custom modifications, and PHP-Nuke modifications pre-installed (available in Basic, Advanced, Clan, & Business versions).
- XOOPS - based on PHP-Nuke and myPHPNuke. XOOPS is a popular and easy to use Content Management System. With Xoops you will be able to create many different types of websites - web portals, blogs, community web sites, etc.
- Xaraya - based on PostNuke.
These forks, and others, have had their own ideas regarding several aspects of the system, and thus do many things in different ways in an attempt to produce a better product. Nevertheless, most, if not all of these systems can be used to produce a community portal similar to that which can be built using PHP-Nuke, although it is possible that these systems are better at doing some things than PHP-Nuke (and vice-versa).
- Official PHP-Nuke website.
- Index of Local PHP-Nuke Sites.
- PHP-Nuke: Management and Programming (online book).
- Analyzer/Debugger Script to help debug PHP-Nuke Installs.
Please feel free to contact us if you have any questions or recommendations about this tutorial at: tutorials 'at' siteground.com