If you are using OSMC in a home environment, your system will be secure in its default configuration. We have written some guidelines to help explain how to keep OSMC secure and which precautions should be undertaken if you customise your OSMC environment.
If you are port forwarding services to access them remotely (outside of your home), we recommend that you change any default passwords. We also recommend that you keep your system up to date to ensure that you have the latest security fixes. We would suggest changing the default port numbers to higher port numbers. While security by obscurity is not recommended, it will reduce any potential attack surface.
We do not recommend port forwarding Kodi's built-in webserver at this time.
Public and untrusted networks
If you are using OSMC on an untrusted network, such as a public WiFi connection, then you should ensure that you change any default passwords. You should also change any passwords for any OSMC Apps that you install as well, e.g. the TVHeadend server or Samba server.
Using third party add-ons
OSMC cannot endorse third party add-ons nor vouch for their safety or efficacy. If you experience problems with your OSMC set up, then disabling add-ons individually usually helps identify a problem.
We recommend that you use some of these add-ons at your own risk. If you have questions or issues with a third party add-on, you should contact the developer of the add-on for support.
Recently, there have been an increasing number of malicious add-ons in circulation. We recommend that you search and learn more about any add-on before you install it.