New Install - Version / Update / Harden

Hi,

I successfully installed phpList. I’m on a no-funds project, so I use an existing webhosting account from Hetzner that does not allow shell access. Therefore I can’t use composer, and thus downloaded https://github.com/phpList/phplist3/archive/refs/heads/main.zip and uploaded /lists via FTP.

Everything works great, but the version is shown as “vdev”. I’d like to upgrade to the most recent stable version and use the “Updater Plugin”. I tried to install that using the GUI, but it can’t be enabled: “Failure on system requirement phpList version 3.5.4 or greater”.

Can you point me to an upgrade path?

I’d like to “harden” my installation:

  1. Can I use basic auth (via .htaccess) on the ‘admin’ dir?
  2. Is there an example for a CSP header?
  3. Anything else I should consider regarding security?

My use case is: I have a website, and users shall be able to sign up to our newsletter using phpList.

Ok. I’ll update by overwriting with Download phplist-3.6.14.zip (phpList). I’ll let you know if there is any trouble.

The ‘hardening’ is still to be done.

@makro You shouldn’t install from GitHub; use the process explained here: Installing phpList man... | phpList manual

Great! Overwriting /list, applying the config.php and upgrading the db worked like a charm. I’m still working on ‘hardening’, especially CSP and basic auth for /admin (in order to have the backend login not open to the public).

One thing I noticed: sending mail fails at first (timeout connecting to SMTP). I can’t access the PHP error log, so I don’t know what really happens. I can ‘fix’ the issue by setting the smtp_debug of phpmailer6 to level 4, sending one mail and then setting it back to 0. Works, but I have no clue why. If I find out why, I’ll let you know.