Difference between revisions of "WikiServer - Securing the Wiki"
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
There are a number of settings and tweaks that can save you grief while maintaining your wiki. | There are a number of settings and tweaks that can save you grief while maintaining your wiki. | ||
− | === '''Item #1''' try hard not to be bored during the install... === | + | ==='''Item #1''' try hard not to be bored during the install...=== |
[[File:Dontbebored.png|frameless|600x600px]] | [[File:Dontbebored.png|frameless|600x600px]] | ||
− | === '''Item #2''' disallow edits === | + | ==='''Item #2''' disallow edits=== |
by anyone who is not logged in with a valid account. This is done by choosing "'''Authorised editors only'''" as the '''User rights profile.''' | by anyone who is not logged in with a valid account. This is done by choosing "'''Authorised editors only'''" as the '''User rights profile.''' | ||
Line 11: | Line 11: | ||
The default, '''Open wiki''', is pretty much asking for spam & chaos... | The default, '''Open wiki''', is pretty much asking for spam & chaos... | ||
− | === '''Item #3''' account creation control. === | + | ==='''Item #3''' account creation control.=== |
A good starting point to manage account creation (albeit manually...) is to add <code>$wgGroupPermissions['*']['createaccount'] = false;</code> to your '''LocalSettings.php''' (which is hiding out in <code>/etc/var/html/wiki</code> on a stock-standard install) | A good starting point to manage account creation (albeit manually...) is to add <code>$wgGroupPermissions['*']['createaccount'] = false;</code> to your '''LocalSettings.php''' (which is hiding out in <code>/etc/var/html/wiki</code> on a stock-standard install) | ||
Using this method, it takes an Administrator to actually create a new account. | Using this method, it takes an Administrator to actually create a new account. | ||
+ | |||
+ | ===Further thoughts=== | ||
+ | There are a large number of further items in the [[mediawikiwiki:Manual:MediaWiki_Security_Guide|documentation]], including plugins & add-ons to enhance security. | ||
+ | |||
+ | The 3 items listed here are a good starting point tho. | ||
+ | |||
+ | <br /> |
Latest revision as of 01:55, 13 July 2020
There are a number of settings and tweaks that can save you grief while maintaining your wiki.
Contents
Item #1 try hard not to be bored during the install...
Item #2 disallow edits
by anyone who is not logged in with a valid account. This is done by choosing "Authorised editors only" as the User rights profile.
The default, Open wiki, is pretty much asking for spam & chaos...
Item #3 account creation control.
A good starting point to manage account creation (albeit manually...) is to add $wgGroupPermissions['*']['createaccount'] = false;
to your LocalSettings.php (which is hiding out in /etc/var/html/wiki
on a stock-standard install)
Using this method, it takes an Administrator to actually create a new account.
Further thoughts
There are a large number of further items in the documentation, including plugins & add-ons to enhance security.
The 3 items listed here are a good starting point tho.