Media Wiki Security Concepts

From NovaOrdis Knowledge Base
Jump to navigation Jump to search





User Rights Profile

Open wiki

The Open wiki model allows anyone to edit, without even logging in.

Account creation required

A wiki with "Account creation required" provides extra accountability, but may deter casual contributors.

Authorized editors only

The "Authorized editors only" scenario allows approved users to edit, but the public can view the pages, including history.

Private wiki

A "Private wiki" only allows approved users to view pages, with the same group allowed to edit. A user that does not authenticate is not allowed to access anything on the server.


Disable reading by anonymous users:

$wgGroupPermissions['*']['read'] = false;

To allow anonymous users access to the login page:

$wgWhitelistRead = array ("Special:Userlogin");


Controlled by LocalSettings.php. To disable anonymous editing:

$wgGroupPermissions['*']['edit'] = false;

Account Creation

Controlled by LocalSettings.php:

$wgGroupPermissions['*']['createaccount'] = false;

This prevents account creation by anyone (logged in or not), except by sysops.


The Media Wiki users, including administrators are maintained in the database in the user table.


The username of the wiki administrator. Spaces are accepted ("John Doe"). A user is administrator by belonging to the sysop</group>. The association is maintained in the user_groups table.

Administrator Account Email Address