- Download latest phpBB script.
- Upload and decompress the phpBB3 archive to your website root or directory.
- Change the permissions on config.php to be writable by all (666 or -rw-rw-rw)
- Change the permissions on the following directories to be writable by all (777 or -rwxrwxrwx):
- Point your web browser to the location where you uploaded the phpBB3.
- Click the INSTALL tab, follow the steps and fill out all the requested information.
- After installation, change the permissions on config.php to be writable only by yourself (644 or -rw-r–r–)
- That’s all.
MAKE SURE you read Security related post-installation instructions, and also take note regarding anti-spam measures.
Important (security related) post-Install tasks for all installation methods
Once you have successfully installed phpBB you MUST ensure you remove the entire
Beyond this essential deletion, you may also wish to delete the docs/ directory if you wish.
With these directories deleted, you should proceed to the administration panel. Depending on how the installation completed, you may have been directed there automatically. If not, login as the administrator you specified during install/conversion and click the Administration Control Panel link at the bottom of any page. Ensure that details specified on the General tab are correct!
6.i. Uploadable avatars
phpBB supports several methods for allowing users to select their own avatar (an avatar is a small image generally unique to a user and displayed just below their username in posts).
Two of these options allow users to upload an avatar from their machine or a remote location (via a URL). If you wish to enable this function you should first ensure the correct path for uploadable avatars is set in
Administration Control Panel -> General -> Board Configuration -> Avatar settings. By default this is
images/avatars/uploads, but you can set it to whatever you like, just ensure the configuration setting is updated. You must also ensure this directory can be written to by the webserver. Usually this means you have to alter its permissions to allow anyone to read and write to it.
Please be aware that setting a directory’s permissions to global write access is a potential security issue. While it is unlikely that anything nasty will occur (such as all the avatars being deleted) there are always people out there to cause trouble. Therefore you should monitor this directory and if possible make regular backups.
6.ii. Webserver configuration
Depending on your web server, you may have to configure your server to deny web access to the
vendor directories. This is to prevent users from accessing sensitive files.
For Apache there are
.htaccess files already in place to do this for the most sensitive files and folders. We do however recommend to completely deny all access to the aforementioned folders and their respective subfolders in your Apache configuration.
On Apache 2.4, denying access to the
phpbb folder in a phpBB instance located at
/var/www/html/ would be accomplished by adding the following access rules to the Apache configuration file (typically apache.conf):
<Directory /var/www/html/phpbb/*> Require all denied </Directory> <Directory /var/www/html/phpbb> Require all denied </Directory>
The same settings can be applied to the other mentioned directories by replacing
phpbb by the respective directory name. Please note that there are differences in syntax between Apache version 2.2 and 2.4.
For Windows based servers using IIS there are
web.config files already in place to do this for you. For other webservers, you will have to adjust the configuration yourself. Sample files for nginx and lighttpd to help you get started may be found in the
8. Anti-Spam Measures
Like any online site that allows user input, your board could be subject to unwanted posts; often referred to as forum spam. The vast majority of these attacks will be from automated computer programs known as spambots. The attacks, generally, are not personal as the spammers are just trying to find accessible targets. phpBB has a number of anti-spam measures built in, including a range of CAPTCHAs. However, administrators are strongly urged to read and follow the advice for Preventing Spam in phpBB as soon as possible after completing the installation of your board.