Hi i have a friend who insists i remove the calendar.php from my vbulletin. He says it will help stop anyone hacking my site.

Is this true? im on Vbulletin 3.54 -

I haven't come across any evidence to support that claim. In any case, the vB official and partner sites have the Calendar enabled as well as many customers. For your assurance, if an exploit is found they'll be on top of it like flies on manure. :)

OK. Not the best example but... :D

I have been using vBulletin for a very long time and I have yet to see anyone hack it. And I seriously doubt removing calendar.php has any effect (unless an exploit using calendar.php is found).

Some years ago on vB 2.x there was a security flaw in the calendar which was quickly patched in the normal way.

Current vB calendars are as secure as the rest of the software. There's no need to remove it.

I wouldn't worry about it

99% of the times I've seen someone post that their vb was hacked,, it was in fact that they where key-logged..
vb is very secure, and if an exploit is found, it's patched very quickly ;)

Ive heard in the past its a minor bug? No harm done though