Hardening Guide for phpList

Tags: #<Tag:0x00007ff5e556ee00>

Hello everyone,

Earlier this month phpList 3.5.1 was released. This was a security release. Earlier today a community member shared on Twitter this very useful guide Hardening Guide for phpList!



Hey, thanks for sharing. You beat me to it :slight_smile:

fwiw, this guide (and everything on my blog) is licensed CC-BY-SA. So feel free to adapt it into the phpList wiki or manual. Just be sure to provide attribution by linking back to my original article.

Also, there’s some comments flowing in on /r/php; maybe the phpList team would like to join that discussion?

1 Like

thanks for the guide. I did not see the following in config.php nor in config_extended.php

And this is not security-related, but I personally recommend these as well.

// send base64 to prevent the contents from being mangled
define(“HTMLEMAIL_ENCODING”, “base64”);

// attach images because otherwise gmail MITMs our links and causes 404s

1 Like