Most sites are hacked because of incorrectly configured access chmod (second place outdated cms modules, sql-injections, etc.). So how do I set up chmod properly in phpBB forums?
All folders 755
All files 644
Four exceptions where we set 777:
files – so that users can upload files to the forum
cache – so your hosting will not complain about the load
store – to install extensions
images/avatars/upload – to upload avatars
If you want, you can limit your users and close all directories to 755 (to be less boring – make a preset gallery of avatars).
Attention! Before installing the engine: config.php must be 666 (then change it to 644).