What is Aura?

Aura is an open-sourced forum software application released under the GNU General Public License (GPL-3.0), Version 3, 29 June 2007. It is free to download and use, and will remain so. Aura was designed to be a credible, fresh alternative to older forum software and a new opportunity to light up communities accross the globe. It is a fast, user-friendly and very secure which offers a whole variety of important features when setting up your community.

Aura is a fork of our now-defunct Aura Forum Software branch, which was in turn forked from FluxBB 1.5.7. It adds a whole number of new features and security improvements, such as the use of PDO Prepared Statements, more advanced hashing algorithms and salt for user passwords.In 2015, FluxBB 2.0 was merged with the Flarum project, which was not very popular among community users. Development is still ongoing under the direction of Franz Liedke, but only until Flarum is fully released at which point development will cease. Due to the unforeseen and sudden circumstances, FluxBB was forked into Aura and then into Aura, which includes many improvements and enhancements to the software.

So why should I use Aura?

Every user wants to light up their communities, and with Aura we give you that balance that is needed whilst taking care of things behind the scenes that you don't need to worry about. We give you the tools to build your own community while providing understandable features and a forum software that is easy to manage and control. Aura is primarily written in PHP and MySQL, two of the most widely-used programming languages. We have a large number of useful features that are very well optimised, and we use intensive caching to speed up the delivey of your application.

Developer Friendly

Our code is very developer friendly, meaning you can very easily create your own extensions for Aura and enable them through the administration panel by simply uploading and clicking a single button. This saves time, effort and maximimses your own community performance. We use a custom made database driver to allow you to reap the rewards of PDO with having to over-complicate things for yourself. Custom methods such as select, update and delete allow you the ability to quickly access common functions for a database while not having to know any SQL knowledge. Gone are the days of using try/catch blocks to catch exceptions, you simply need to use the available method, keeping a single array of data separate from the query.

We use a custom-written MVC (Model View Controller) codebase for our forum application, so that you have a clean PHP code to work with whilst creating any extensions. MOst other forum software, including phpBB, simply use a Procedural style of coding which often end up using global variables. These variables hog memory and other resources, and can be modified by any function or class which controls them. Our codebase has removed all global variables and is precise in modifying exactly what needs to be modified at any one time. With Aura you have a clean and effective codebase to use at your disposal.

PDO (PHP Data Objects)

We also use the benefits of PDO prepared statements to keep your forum completely secured from SQL Injection. At last count, at least 90% of all popular forum software do not utilise this feature and instead simply "escape" user data before placing it directly into the query. Escaping data is not as reliable as prepared statements and leaves open the potential for vulnerabilities with the forum. Moreover, some applications are still vulnerable when using PDO (particularly those running <= MySQL 5.5.11) due to the use of "emulated" prepared statements. These are when PHP sends the data and query to MySQL separately (like a prepared statement), but the MySQL server will simply escape all the data and then insert it into the query. This can become a security risk, especially if the MySQL server is running a charset such as the default (usually Latin 1). With Aura, we connect using utf8 and disable emulated prepared statements to circumvent such security vulnerabilities. Security remains the #1 priority of your forum.

Once more, you can only be SQL Vulnerable when you code a special, not standard way of querying the database.

Ease of Administration

Our system allows you to very easily and efficiently administrate your forum, without even needing to touch a single line of code. Moreover, when it comes to updating your forum, we have a built in automatic updater which will guide your forum through the process. Don't want automatic updates? That's fine. These can be disabled or enabled at your will. We allow administrators easy access to stopping spammers, moderating forums and assigning new user groups.


Aura uses an sha512 hash (128 characters), along with 16 characters of salt for each user password in the database. This means that in the event your database was compromised (which could only happen through the back-end of your server itself), attackers would have to spent an awful lot of time attempting to crack your hashes. We also use login keys for a one time login per-user, which are re-generated on every logout. This means that unlike other forum softwares, such as FluxBB or PunBB, who simply put the hashed user password into the cookie, it is much harder, if not impossible, to guess the cookie value of a Aura user. Each login key is 60 characters in length.

In addition, we use a token system to prevent cross site request forgery attacks against your forum. These are when hackers can exploit unauthorised requests to your forum, allowing them to impersonate other users, potentially changing forum submission details or launching payments.

Part of the token is made up of the unique login key for that one session on the forum. Forum-based passwords are hashed using sha512 and another 16 characters of salt. To prevent users from guessing forum-based passwords, cookies are also given salt, an impressive 64 characters of salt, unique to their cookie.

We use advanced brute-force protection to stop people from randomly "guessing" one of your users passwords, which can be toggled on or off at your will. Set the amount of login attempts per username, or the total amount for all users at any time, as you use your very own login queue to prevent brute force attacks on your forum.


Spammers are troublesome users, who repeatedly enter nonsensical messages or links to websites. It's important to understand that spam is a very difficult thing to combat on certain applications and forums more than others. However, with Aura, we have already thought this out. Since most spammers are bots, we have already gone ahead and denied all bots access to your register, login and posting pages. This means that no bot can register, login or post on your forum already blocking the vast majority of spam and abuse.

We also use configurable robot tests to allow only users who are really interested in what your forum has to offer to answer them. These can be configured on a group basis, but that's not all. We allow you to moderate all posts made in forums, or on a user-group basis to prevent spam from really getting through. Any combination of these is enough to truly bore human spammers making their entire goal redundant. Still not enough? We also include StopForumSpam integration which will allow you to report the troublesome users to StopForumSpam directly through your forum interface. And if you're still not satisfied, you can download one of our many extensions. Dealing with Spam has never been so easy!

CDN (Content Delivery Network)

Aura has CDN support built in to help even more to produce the fastest possible loading times for your forum. Compress images using the TingPNG compression tool in order to reduce server bandwidth and space, optimising your website even more. Choose which files you want on your own content delivery network and which you want on the same domain as your forum.

Search Engine Friendly URL Schemes

Aura uses a number of different URL schemes allowing you to choose the URL scheme of your forum. The default, file based and folder based URL schemes are easy to switch to, by a single dropdown box in the admin panel. You can choose how you want search engines to perceive your website and rank it. Moreover, we use the "canonical" tag to tell the Google bot how you want your page to be indexed. This means that even if they access it through the default scheme, you will still get indexed using the URL scheme you want.


Extensions, or modifications, are often a difficult thing to achieve, because they nearly always require you to edit the core of a program, which is never good practice. With Aura, we have introduced an extensive plugin and extension system, allowing you to simply upload files into the appropriate locations. You don't have to edit files by hand, making the process easy and reliable. Moreover, you can simply upload extensions straight through your forum interface, which makes things even easier. Additionally, we use XML extensions which are both safe, and reliable. Unlike forums that use PHP extensions that can pose a security risk, the Aura parser will turn the XML into valid PHP code, store it on the server and cache it with minimal memory load. Extensions with Aura are very easy to install, use and change, built with simplicity for the end-user in mind.

Creating Communities has never been this easy! Light up your community today by choosing Aura.