I am pleased to present you a free (and open source !) online tool to check the health of your Flarum, or any other Flarum out there really.
Simply go to https://lab.migratetoflarum.com/ and enter your forum url to get started.
For now the report includes the following data:
- Checks both the bare and www version of your domain on
- Warns of unresolvable hosts or insecure settings
- Warns of duplicate urls
- Warns of invalid
https://, checks your HSTS and CSP headers
- Shows the list of all extensions loaded on the frontend, with links to Packagist, Flagrow.io and GitHub. Only extensions adding features to the user-facing area are visible
- When possible, show extension version and suggest updates if available
- Warns of deprecated extensions
- Some admin-only or background-only extensions might not be detected
- Checks if your webserver is exposing
vendor folders as well as Composer files
- Checks for known Flarum security vulnerabilities
Forums are awarded a rating from A (best) to D (worst):
- A+: same as A, but implements recommended security headers
- A: correctly configured on HTTPS
- B: correctly configured on HTTPS but with deprecated extensions or suboptimal redirects
- C: Invalid configuration or HTTP only
- D: known security issues and/or outdated Flarum and/or vulnerable extensions
Once you fixed your issues, start a new scan to get your new rating 😉
Privacy / disclaimer
Use this service at your own risks.
When scanning a website you can choose to not list the results on the homepage. All reports (hidden or not) are stored on the server for an indefinite amount of time.
This service is operated by Clark Winkelmann. Please report any issue here or on the GitHub repo.