MyBB was supposed to be the free forum software that could rival the commercial giants. Open source, community-driven, and genuinely well-designed when it launched in 2002. Twenty-three years later, the dream version (2.0) was abandoned after six years of failed development, the 1.8 branch has accumulated over 270 security vulnerabilities since 2005, and the project lead at The Admin Zone described it plainly in November 2025: “The project is virtually dead.”
This article looks at where MyBB actually stands today, what went wrong, and what your options are if your community still runs on it.
The MyBB 2.0 Saga: Six Years, Zero Release
The story of MyBB 2.0 is one of the most documented failures in open-source forum software history. Here is the timeline:
- 2014: The MyBB 1.8 series launches. It is explicitly described as a “bridge” to version 2.0, which would be a complete rewrite.
- 2015: Dev blog posts announce that 2.0 will be built on the Laravel PHP framework. Pre-alpha development begins in private. “Currently no public timeframe is on the table.”
- 2015-2021: Periodic dev blog updates promise progress. Alpha releases are mentioned but never materialize. The community asks repeatedly for dates and is told: “It will be ready when it is ready.”
- ~2022: After six years of development, the Laravel rewrite is abandoned. The team moves back to the original codebase.
- 2023-2024: Focus shifts to version 1.9 (new responsive theme, Twig template engine). Only three developers remain active.
- 2025: A long-time community member and former contributor writes the post-mortem at The Admin Zone.
MyBB was a great forum platform. Fast, intuitive and the codebase was fairly clean. But now the project is virtually dead. My frustration with the dev team has reached its peak. I tried to hammer some common sense into their heads as far back as 2016, when they decided to release the next version by moving the project to Laravel, which is a massive convoluted bloatware. They did not listen. It took them 6 years of unsuccessful development before they finally abandoned Laravel.
Long-time MyBB contributor, The Admin Zone, November 2025
The 1.8 series was never meant to be the final version. It was a stopgap. But with 2.0 dead and 1.9 still in development, 1.8 became the permanent reality for every MyBB community. A “bridge” that turned into the destination.
The Security Record: 270+ Vulnerabilities and Counting
This is not a theoretical concern. MyBB has one of the most extensively documented security vulnerability histories of any forum software.
By the numbers: Since the first stable release in 2005, over 270 security flaws have been patched across 87 versions of MyBB. According to MyBB’s own blog post analyzing the data, 88% of all releases were security-related fixes. In 2025 alone, 11 new security vulnerabilities were published with an average severity score of 7.0 out of 10.
The most devastating documented exploit was a chained Remote Code Execution (RCE) attack reported by Sonar (formerly SonarSource) in 2021. Two vulnerabilities, a stored XSS bug (CVE-2021-27889) and an SQL injection (CVE-2021-27890), could be chained together to give any unprivileged forum user complete control over the entire MyBB installation. The attack required nothing more than sending a crafted private message to an administrator.
A sophisticated attacker could develop an exploit for the Stored XSS vulnerability and then send a private message to a targeted administrator of a MyBB board. As soon as the administrator opens the private message, on his own trusted forum, the exploit triggers. An RCE vulnerability is automatically exploited in the background and leads to a full takeover of the targeted forum.
Sonar (SonarSource), MyBB Remote Code Execution Chain analysis, 2021
And in January 2026, the real-world consequences of MyBB’s security track record made international headlines. BreachForums, one of the largest cybercrime marketplaces on the internet, was running MyBB. A misconfiguration during a restoration process exposed 324,000 user records including usernames, hashed passwords, email addresses, IP addresses, and PGP keys. The breach was traced directly to the MyBB software layer.
What Else Is Missing
Even if the security record were clean, MyBB today is missing every modern feature that active communities have come to expect:
- No AI features of any kind (no semantic search, no AI moderation, no translation, no chat assistant)
- No responsive default theme in the stable 1.8 branch (the promised responsive theme is part of 1.9, which has not shipped)
- Only 5 languages natively supported (English, German, Spanish, Vietnamese, Portuguese)
- Plugin ecosystem is aging, with G2 reviewers noting “available plugins are pretty limited” and “load time increases exponentially” with plugin use
- No modern layout system (single classic threaded view)
- No official REST API
- No integration with WordPress, WooCommerce, or modern CMS platforms
- The last stable release (1.8.38) shipped on April 30, 2024, over 13 months ago
Due to too many plugin integrations, the load time increases exponentially. Available plugins are pretty limited for a new user like me. I have faced the interface lags due to low maintenance, probably.
G2 verified reviewer, 2025
Is Anyone Still Using MyBB?
Yes. MyBB still powers a meaningful number of forums, particularly hobbyist communities, gaming forums, and niche interest boards that launched in the 2005-2015 era. The software is genuinely good at what it was designed for in that era: a lightweight, self-hosted, free forum with a clean admin panel and reasonable performance.
The problem is not what MyBB was. It is what it cannot become. With three active developers, a failed 2.0 rewrite, a 1.9 that has not shipped, and a security track record that averages roughly three CVEs per year across the last decade, the trajectory is clear. Every month your community stays on MyBB is a month closer to a security patch that does not arrive in time, or a hosting environment that moves past what the aging codebase supports.
Where Should You Migrate?
The MyBB Merge System (their official import tool) has been intermittently supported and unsupported over the years. Third-party migration services offer a more complete and reliable path. Here are three options depending on your goals.
If you want a modern WordPress forum: wpForo
wpForo 3.1 is the most feature-complete WordPress forum plugin available. It ships with a full 360° AI suite covering semantic search, AI content moderation, real-time translation in 100+ languages (compared to MyBB’s 5), an AI chat assistant, and topic summarization. Five modern layouts, multi-board, reputation system, 100+ free features. Updated within the last week. If you want your community inside WordPress, this is the standard.
See MyBB to wpForo migration →
If you want a standalone commercial platform: XenForo
XenForo is the go-to for large, high-traffic communities. Built by the original vBulletin lead developers, it runs on its own PHP/MySQL stack with industry-leading performance. A perpetual license starts at $160. XenForo has a built-in MyBB importer for direct migration. If your community needs maximum performance and a deep extension marketplace, this is where most large MyBB forums end up.
See XenForo migration services →
If you want to stay free and open source: phpBB
phpBB shares MyBB’s DNA as a free, self-hosted PHP forum, but with a dramatically larger community, extension marketplace, and development team. It supports 50+ languages natively, has been battle-tested at massive scale, and has a more consistent security update cadence. If “free and open source” is non-negotiable, phpBB is the natural next step.
See phpBB migration services →
The Bottom Line
MyBB earned its place in forum software history. It was free, it was clean, and for over a decade it was genuinely the best option in its category. But a six-year failed rewrite, 270+ security vulnerabilities, a development team reduced to three people, and no path to modern features like AI moderation or real-time translation make it a platform to migrate away from, not toward.
Your community’s posts, users, and history deserve a platform that is actively moving forward. The migration is more straightforward than you expect, and every major alternative has a documented import path from MyBB.