I’m setting up a new forum and chose Flarum. The default installation instructions suggest using a subdirectory for security reasons. I understand the reasoning behind this, but I’m curious about how crucial it actually is. If the forum is hacked, wouldn’t the user information still be vulnerable?
Or is the idea that files like images wouldn’t be deleted? I’m not exactly sure where Flarum stores its data—it might not all be within public_html/
or public_html/forum/
, depending on where it’s installed. I assume the data is stored in a MySQL database, which should be secure and inaccessible, regardless of the installation method, in the event of a hack.
I’d appreciate any insights on this. I want to make the right decision now to avoid problems later. Ideally, I’d like the forum to be accessible at domain.com
rather than domain.com/forum
or forum.domain.com
. If there’s a way to secure just domain.com
, that would be ideal.