Mediawiki/Hardening
From r00tedvw.com wiki
(Difference between revisions)
(Created page with "==Disable user self registration== Add the following to LocalSettings.php # Prevent new user registrations except by sysops $wgGroupPermissions['*']['createaccount'] = false;") |
|||
| Line 3: | Line 3: | ||
# Prevent new user registrations except by sysops | # Prevent new user registrations except by sysops | ||
$wgGroupPermissions['*']['createaccount'] = false; | $wgGroupPermissions['*']['createaccount'] = false; | ||
| + | ==Uploads Dir security== | ||
| + | add to the bottom of your Virtual site config, before you close it: | ||
| + | <Directory /var/www/yoursite.com/wiki/images/> | ||
| + | # Ignore .htaccess files | ||
| + | AllowOverride None | ||
| + | # Serve HTML as plaintext, don't execute SHTML | ||
| + | AddType text/plain .html .htm .shtml .php | ||
| + | # Don't run arbitrary PHP code. | ||
| + | php_admin_flag engine off | ||
| + | # If you've other scripting languages, disable them too. | ||
| + | </Directory> | ||
Revision as of 00:33, 12 October 2014
Disable user self registration
Add the following to LocalSettings.php
# Prevent new user registrations except by sysops $wgGroupPermissions['*']['createaccount'] = false;
Uploads Dir security
add to the bottom of your Virtual site config, before you close it:
<Directory /var/www/yoursite.com/wiki/images/>
# Ignore .htaccess files
AllowOverride None
# Serve HTML as plaintext, don't execute SHTML
AddType text/plain .html .htm .shtml .php
# Don't run arbitrary PHP code.
php_admin_flag engine off
# If you've other scripting languages, disable them too.
</Directory>
