NodeBB has a bug bounty program to supplement our efforts to identify vulnerabilities in our software, and to reward those who submit them to us for fixing.
Please visit our bug bounty page for more information.
NodeBB has a bug bounty program to supplement our efforts to identify vulnerabilities in our software, and to reward those who submit them to us for fixing.
Please visit our bug bounty page for more information.
The General Data Protection Regulation (GDPR) is a European Union law intended to promote the protection of privacy and personal information. It’s main goal to give users more control over their personal data.
NodeBB was the world's first GDPR compliant forum software. Please visit the NodeBB GDPR page to review our Data Protection Addendum (DPA) and our list of subprocessors.
NodeBB currently has integrations for:
Other integrations can be built, if you are interested please contact us for more information.
Enabling Facebook SSO requires that you have a Facebook account of your own. You will also need to restart your NodeBB instance a couple of times during the process. This will shut down your forum to users for a short period each time, so if you run a busy forum you may wish to do this during off-peak hours.
Install and activate plugin
Enable Facebook sign-on
Returning to NodeBB, copy and paste the Application ID and Secret code into the appropriate places on the Facebook menu page. You can also allow users who sign on with Facebook to skip the standard email verification step since Facebook usually does a good job of verifying these emails, but this is up to you. Be sure to save these settings. Once you are done, you will need to restart the forum one more time.
Once your forum restarts, new users will be able to join your forum using their Facebook ID. This option will be added to the user registration page automatically.
Enabling Google SSO requires that you have a Google account of your own. You will also need to restart your forum a couple of times to activate Google SSO for your users.
Install and activate plugin
Enable Google SSO
Authenticate your forum in the Google API console, which is linked from this page. Before opening the Google console, select and copy the text /auth/google/callback without the single quotes. You'll need this info later to link Google SSO with your forum.
Confirmation email address
You'll be asked to provide a confirmation email address and a product name. This information will be shown to users who register for your forum, so make sure the name given is descriptive of your site. On the last set up page, just click Done.
Your Client ID will now be set up. You'll need both Client ID number and Secret code to activate SSO. To get these, click on the name of your ID. The easiest thing to do is to copy and paste both these codes into a blank notepad window. Once you have done this, you can exit the Google API page.
Returning to NodeBB, copy and paste the Client ID and Secret code into the appropriate places on the Google menu page. You can also allow users who sign on with Google to skip the standard email verification step since Google usually does a good job of verifying these emails, but this is up to you. Be sure to save these settings. Once you are done, you will need to restart the forum one more time.
Once your forum restarts, new users will be able to join your forum using their Google ID. This option will be added to the user registration page automatically.
NodeBB does allow uploaded images to be displayed, but it is not optimized for large images or a high volume of images. If your forum lends itself to a lot of image sharing by members, you will want to activate an image handling plugin. One popular example uses the image sharing site Imgur.
Now you'll need to register your forum with Imgur. If you don't already have an Imgur account of your own you'll need to create one first.
Once these steps are completed, any images uploaded to your forum will automatically be stored in your Imgur account.
One of the first important things to do after setting up NodeBB is to set up an emailer plugin. While NodeBB does include a local emailer, if your forum is particularly active we recommend using an third-party emailer such as SendGrid which provides better deliverability for sites that send a high volume of email. Setting up SendGrid in NodeBB is very easy.
After you restart, there should be a item called Emailer (SendGrid) under the Plugins menu -- if you don't see this right away, try refreshing your browser.
Sign up to SendGrid
Now, return to the SendGrid menu on your NodeBB admin panel. Paste the API key into the field, and save your changes. Now go back to the Dashboard to restart your forum one more time.
SendGrid should now be working for your forum.
While NodeBB does provide anti-spamming features, spam posts will occationally slip by.
Logged-in admins can edit or delete offending messages right away by clicking the 'gear' icon on any message. You can also create moderator accounts that are separate from the main admin group. In addition, we have user moderation tools which allow admins to to select multiple users to delete/ban them or to remove their topics/posts. We also have IP Blacklisting which will ban all users originating from a range of IP addresses.
Spam is a problem for many forums. To combat it, NodeBB uses a number of different services in a single anti-spam plugin known as Spam-be-Gone.
Spam-Be-Gone makes use of three separate services to limit spam. Each of these requires a one-time set-up to activate.
Akismet
Akismet is a spam filtering service that is run by the blogging platform WordPress. If you are running a non-commercial website you can use it on a pay-what-you-can basis.
Project Honeypot
Project Honeypot is a second service used by NodeBB to help identify individuals and bots who are known to be responsible for high volumes of spam postings. You can create a free Project Honeypot account by following the link from the dashboard and providing your information. Once confirmed, you can get an API key by logging into the Project Honeypot dashboard, and clicking the "get one" text link on the left side of the screen. Copy the key, then return to NodeBB, activate the service, and paste the key.
reCAPTCHA
The Google reCAPTCHA service can be used to provide an additional layer of spam prevention by setting up a challenge that filters humans from bots. Activating this service requires a Google account. If you wish to use this service, follow the link from the NodeBB dashboard, and enter the URL information for your forum. reCAPTCHA makes use of two different keys: a public API key and a private, or secret, key. Copy and paste each of these keys into the appropriate field in NodeBB.
When you are done entering information for all the services, be sure to hit Save at the bottom of the Spam-be-Gone page. You will need to restart the forum one more time for these changes to take effect.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
By default, all NodeBB hosted forums come with SSL enabled. This means that if you are using the NAME.nodebb.org domain that we provide, all your traffic will automatically be encrypted for better security.
If you wish to use your own domain name, please follow the steps outlined in this article. Once complete, contact us at [email protected] to setup your free SSL certificate to ensure that your traffic remains secure.
SSL certificates are provided by Let's Encrypt, please visit them at https://letsencrypt.org