Mediawiki/Hardening
From r00tedvw.com wiki
Disable user self registration
Add the following to LocalSettings.php
# Prevent new user registrations except by sysops $wgGroupPermissions['*']['createaccount'] = false;
Uploads Dir security
add to the bottom of your Virtual site config, before you close it:
<Directory /var/www/yoursite.com/wiki/images/> # Ignore .htaccess files AllowOverride None # Serve HTML as plaintext, don't execute SHTML AddType text/plain .html .htm .shtml .php # Don't run arbitrary PHP code. php_admin_flag engine off # If you've other scripting languages, disable them too. </Directory>
remove database password from LocalSettings.php
Its not a good idea to have the database password within a file that lives in the document root. Should a problem happen, like php crashes, and php files can be downloaded or served in plain text, you've just had your security compromised.
Start by creating a folder and file that lives outside of the document root and its children. For example, if your document root is /var/www/
then you'll want to do something like this:
~$ sudo mkdir /var/security/ ~$ sudo chown www-data:www-data /var/security ~$ sudo chmod 644 /var/security ~$ sudo vi /var/security/passwords.php ~$ sudo chown www-data:www-data /var/security/passwords.php ~$ sudo chmod 644 /var/security/passwords.php
Now with the files created, modify LocalSettings.php and add:
#including separate file that contains the database password so that it is not stored within the document root. require_once "/var/security/passwords.php";
Finally, within the new file we've created outside of the document root, define your variables that Mediawiki still needs, such as:
$wgDBpassword = $wgSecretKey =