That's one area where phpBB3 excels in terms of security.pselestok wrote:What about protecting it from SQL Injection ?
While phpBB3 has had "security" fixes, none of them were serious nor would allow someone to come anywhere close to taking over the board/site.
phpBB3's security record: http://secunia.com/advisories/product/1 ... advisories
In my experience of the "hacked" boards I've seen, the board was taken over by either 1) other insecure software on the server which granted full server access or 2) compromised FTP passwords via malware on the user's computer which granted file/server access. None of these are related to phpBB itself.