I think I have been reading enough of the threads and others XOOPS installs that I think I can say a couple things to new users and hopefully the old timers here will comment, explain or elaborate as would be helpful for a novice xoopsters...

1) For best security change as many default settings in the setup menus as possible... ie, table prefix and any others that may be guessed or easily known. I read some thread that actually considered adding a random prefix generator in the install setup. I think logical personalization makes more sense.

2) The Protector Module addresses some issues along these lines and should be installed. Perhaps someone could post the link to the Protector Module.

Hope this helps those who like myself, intend to take XOOPS commercial and use it on secure interactive sites.

One last thing... Xoop's version 2.0.9.2 is also recommended as it directly addressed another security issue in prior version's.

here you can download the protector module