Have you already read this: http://docs.elgg.org/wiki/Security

@Jano Read about .htaccess rules for Elgg http://weborganizm.org/totemz/v/843/elgg-performance-scalability#3497

Also you can set default privacy for users only for friends. And besides that you can enable walled garden.

Rodolfo Hernandez

Arvixe/Elgg Community Liaison

Just as a mention for most security your site:

For checking the compromise your site try to upload image that contain php code.

Save this code in file with .jpg extension and upload it as an image via TidyPics plugins (upload as a new image in to existing album).

If your Elgg site gives a mistake then all OK ;)

Thanks for answers!

Jano, in terms of ability for users to control content, Elgg is very secure and quite flexible. Access collections allow you to set almost any type of access rights in a very flexible way. They're especially usefull for non-standard access rights (they require some coding then, but are very flexible and quite simple). It's eg. very easy to create access which Google Circles implement.

In terms of security of breaking in to the platform, Elgg is being constantly updated with security patches in cases where any security holes are found (which is the case with any software). I would say it's very secure as well, it's a mature script.

Probably the most important part is security of your server. I saw servers with some very severe security holes there. If your server is not secure, no matter what platform you use, you're not safe. This is however not related with Elgg.