@gotwf You are absolutely right. I certainly agree with you a dedicated tool instead of built-in with NodeBB will be better.
What I argue is that the platform software community like NodeBB comes up with customization or a collection of recommendation of existing tool-sets that will get the deployment security to the certain level. For example, common mistakes of new admins of NodeBB: if you've uses NodeBB default password for the admin password, or turned on Sandbox feature that's not meant for production.
And thank you for your list of tools. That's very helpful.
Today's article will be a short how-to guide regarding a common problem with horizontally scaled NodeBB installations:
In a deployment environment with more than one NodeBB server, locally uploaded files (post images, avatars, etc) are split between the application servers, and n-1/n images will always be missing, where n is the number of servers