- b2evolution CMS Support Forums
- b2evolution Development
- A look into the future
- Feature requests and Feedback
- Improvements to avoid people turning away from B2Evolution
1 ingeniero Dec 13, 2015 14:56
I suggest B2Evo should be easier to use and easier to update!
I found many useres that had massive problems as me have left B2Evo and use Wordpress now!
I also thought of that but I have 8 B2evo on 20 domains so I stayed for now!
B2evo has such a bunch of security features that block the owner more than the spammer or hacker and it would be really usefull if
you could switch off all SPAM protection and Crumbs and Cookie of in the system Menue at least for a limited time (like 3 hours or xxx hours)!
In my opinion the default files delivered with B2Evo do not give you reasonable settings but overdo with maximum security!
If I recieve some 100Spams I don't mind but I cannot risk to use one client!
in the original download advanced php is missing the multi domain settings.
the contact forms default on Ajax
the hataccess file misses the php flags.
here comes a corrected .htacess as it should be bundled:
php_value memory_limit 512M
php_flag allow_url_include 0
php_flag magic_quotes_gpc off
php_value upload_max_filesize 199M
php_value post_max_size 200M
php_value max_execution_time 500
# Apache configuration for the blog folder
# Lines starting with # are considered as comments.
# PHP SECURITY:
# this will make register globals off in the evo directory
<IfModule mod_php4.c>
php_flag register_globals off
</IfModule>
<IfModule mod_php5.c>
php_flag register_globals off
</IfModule>
# PHP5
# This may need to be in each folder:
# AddHandler application/x-httpd-php5 .php
# CLEAN URLS:
# If you're using Apache 2, you may wish to try this if clean URLs don't work:
# AcceptPathInfo On
# DEFAULT DOCUMENT TO DISPLAY:
# this will select the default blog template to be displayed
# if the URL is just .../blogs/
<IfModule mod_dir.c>
DirectoryIndex index.php index.html
</IfModule>
# CATCH EVERYTHING INTO B2EVO:
# The following will allow you to have a blog running right off the site root,
# using index.php as a stub but not showing it in the URLs.
# This will add support for URLs like: http://example.com/2006/08/29/post-title
<IfModule mod_rewrite.c>
RewriteEngine On
# This line may be needed or not.
# enabling this would prevent running ina subdir like /blog/index.php
# This has been disabled in v 4.0.0-alpha. Please let us know if you find it needs to be enabled.
# RewriteBase /
# Redirect anything that's not an existing directory or file to index.php:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php
</IfModule>
Thank you for your suggestions. We added missing
php_flag
andphp_value
statements to the .htaccess file for the next 6.7.x revision. Please find our latest recommended version here: http://b2evolution.net/man/htaccess-fileThen, regarding SPAM protection, it's easy to turn of for admins: http://b2evolution.net/man/i-can-t-post-spam
Regarding security, I think you underestimate how many people get their sites hacked. You have to give them security out of the box.
Anyways, I understand what you mean with disabling crumbs, I just don't understand why you would want that.
However, regarding cookies, I'm not even sure what you mean with disabling cookies. Is this a separate issue you have or is it related to the crumbs issue?
As far as I remember, all your crumb/cookie issues are related to using different domains on a single b2evolution installation, which requires configuring a few things specifically. Please see the "Notes" section of http://b2evolution.net/man/multiple-domains