  • Crumbs (nonces)

    Principle The goal of crumbs is to prevent a hacker from being able to blindly carry out actions on your blog by tricking you into clicking on a link. For example, let’s suppose a hacker sends you an email containing a link saying "click h… more »
  • Exposing PHP Errors to Visitors

    Best practices recommend you do not show any technical error messages to users because if they are malicious, those error messages can help them gain knowledge about the technical details of the server and help them refine an attack strategy. Thus we r… more »
  • mod_security

    mod_security (http://www.modsecurity.org/) is a PITA. We do not recommend its use. mod_security will scan requests in the most "stupidest way" and block them. (We made tests with the OWASP core basic rules and they logged tons of false… more »
  • Using SSL

    This page will be amended. Getting an SSL certificate There are a small number of universally recognized SSL signing authorities. However, they have dozens of resellers who resell the same certificates more cheaply than if you buy them from the source. So shop… more »
  • Optimal File Permissions

    On your system you typically want to restrict your file permissions to the maximum for best security, but not so much that b2evolution can no longer save uploaded or cached files. Optimal file permissions are basically a tradeoff between s… more »
  • User Permissions

    User permissions define what a user can and cannot edit, and whether they have access to the Back Office. more »
  • Why do I need Server Side Analytics (SSA)?

    Analytics let you see how your Site Visitors and Site Users actually use your site. Where they come from, what they look at, how long they stay, what they’re searching for, etc. Why not just use Google Analytics? Google Analytics will give you… more »
  • B2 API

    The b2 API is one of the APIs supported by b2evolution. Supported methods as of b2evolution version 2.4: * b2.newPost : new post call allowing to specify a category * b2.getCategories * b2.getPostURL : retrieves the permalink of a given post This… more »
  • API Error Codes

    As of version 2.4, b2evolution supports 4 different APIs: MetaWeblog API MovableType API Blogger API b2 API Error Codes As of b2evolution 2.4 have been normalized like this: Code: 801 Message: Wrong username/password combination. Code: 802 Message:… more »
  • Collection Type Panel

    This is the type of your collection. Types can be: Standard blog: A standard blog with the most common features. Photoblog: A blog optimized to publishing photos. Group blog: A blog optimized for team/collaborative editing. Posts can be… more »
  • Archives Widget

    This widget displays a list of links to the archives. It links to monthly archives by default, but this is configurable. Settings more »
  • Universal Item List Widget

    This widget allows you to list virtually anything anywhere and in any form. It allows you to filter out items from any blog and configure how to display them. This widget is actually the parent widget of many more specific widgets. Example: get ad… more »
  • Latest Comments Panel

    This panel lets you determine how many comments are displayed on disp = comments. more »
  • Messaging Panel

    Select the appropriate image size for the messaging feature. more »
  • User Directory Panel

    Select the appropriate image size for your user directory. more »
  • Download Pages Panel

    When a file is attached to a post and a user clicks to download it, he will be directed to a downloads page. This page will show a download template (disp = download) and the download will begin only a few seconds later. You can define how many seconds… more »
  • Archives Panel

    You can configure how to browse through your post archives by deciding on an Archive grouping option. Your choices are monthly (default setting), weekly, daily, and post by post. You can configure how your archive is sorted by deciding on an Archive… more »
  • Tracking Panel

    If the Tracking feature is enabled, then new/changed topics will have a color dot in front of them (in skins that support this, e.g. forums): Orange dot: this is a new topic, you have never read it before Red/Brown dot: this topic has changed since you… more »
  • "Who's Online?" Widget

    This widget displays a list of the users currently online (based on a timeout you can define). Due to the very nature of the WWW, the "who’s online?" session tracker can only offer an approximate view of who’s actually online.… more »
  • Calendar Widget

    This widget displays a calendar where each day that has posts is a link. Clicking on a day displays the post list (post "archives") for this day. The current day is also highlighted. Widget Params more »
  • Post ID

    This is the internal ID of any Item/Post/Page/Topic in your b2evolution Database. You can find it by editing a post and looking at the top left of your edit form: more »
  • disp = terms

    This Disp is used to display the terms & conditions of your site, if you want users to explicitly accept them. To enable this feature, simply add the Post ID of your Terms & Conditions page to your Site Settings > Global Site Settings. This… more »
  • Tag

    A tag is a simple term (one or multiple words) that can be associated to a Post in order to describe its contents. Each Post/Item can have multiple tags. Tags can be associated with a post in the Post Advanced Properties Panel. Existing tags can be… more »
  • After each new post or comment...

    This is the panel where you can control how outbound pings and notifications are sent out when a new post or a new comment gets published on your b2evolution installation. Notifications include: email notifications sent by b2evolution. (See also:… more »
  • MyISAM vs InnoDB

    MySQL supports multiple storage engines, amongst which MyISAM and InnoDB are the most widely used. Each has its own advantages and there is no final rule on which is best. Oftentimes, using a mix of both will provide the best balance between data integr… more »
  • Image / Attachment Positions

    When images or other files are attached to a post, they can be assigned to different positions: Positions Reference Teaser The image will be displayed before the Teaser of the post. Clicking on the image will zoom it. Teaser-Permalink The image will be… more »
  • [teaserbreak] Short Tag

    This short tag allows you to mark the separation between the Teaser of a post and the body of the post. In many views, b2evolution will display only the Teaser of a post and a "Read more" or "Full story" link will appear at the position… more »
  • [pagebreak] Short Tag

    This tag allows you to have multi-page posts. This used to be really popular in the days when CPM ad banners were cluttering the pages and site editors wanted to generate as many page views as possible. More recently, splitting articles over multiple pages… more »
  • disp = edit

    This Disp is used to display the in-skin edit form for a Post. This is also used for creating new posts directly in the skin. This only works if In-skin editing is activated in In-skin Action Settings. This is especially useful in Forum collections… more »
  • Changing the type of a post

    1. Initiating a post/item type change In b2evolution 6.6+, changing the type of a post has important consequences, since each Post Type can have a different behavior as well as different fields. There are several ways to initiate a post type change:… more »