Hardening Guide for phpList

Hello everyone,

Earlier this month phpList 3.5.1 was released. This was a security release. Earlier today a community member shared this very useful guide on Twitter: Hardening Guide for phpList!

Mariana

2 Likes

Hey, thanks for sharing. You beat me to it :)

fwiw, this guide (and everything on my blog) is licensed CC-BY-SA. So feel free to adapt it into the phpList wiki or manual. Just be sure to provide attribution by linking back to my original article.

Also, there are some comments flowing in on /r/php; maybe the phpList team would like to join that discussion?

1 Like

Thanks for the guide. I did not see the following in config.php or in config_extended.php:

And this is not security-related, but I personally recommend these as well.

// send base64 to prevent the contents from being mangled
define("HTMLEMAIL_ENCODING", "base64");

// attach images because otherwise gmail MITMs our links and causes 404s
define('EMBEDUPLOADIMAGES', 1);

1 Like