TurnKey Linux Virtual Appliance Library

Proper way to secure MediaWiki installation?

Okay - I have TurnKey MediaWiki up and running, and, thanks to a helpful poster here, I am able to access it from the outside world (i.e. outside my router/firewall). Before I go all willy-nilly advertising my new wiki to god and everybody, I assume there are some security-related setup tasks that I should take care of. TKMW installation went so fast and easy that I don't recall having to set access control levels, or add users, or anything like that. Seems like I had to enter one password, and bam! Installation complete (actually a compliment to the TK folks - this really is brain-dead simple).

Just wondering about any 'best-practice' sort of ideas for setting things up securely. As always, thanks in advance for any advice you can offer.

Liraz Siri's picture

Change the admin password

TurnKey MediaWiki, like other appliances, comes preconfigured, so you don't have to mess around with the appliances too much after you install. The default is fine.

In production you'll probably want to change the admin password of course.

Liraz Siri's picture

Going the extra mile

BTW, if you want to go the extra mile securing your appliance you'll want to do regular backups (so you can always roll back after an incident) and disable anything you don't use/need on your site (e.g., services, extensions, etc.). You don't have to do that but it will reduce the attack footprint of your appliance, so if there's a new vulnerability in one of these components it may not apply to you.

What, exactly, should I back up? I logged into the Webmin console last night for the first time; being a Linux newbie, it was all pretty confounding. Is there a particular directory, folder or file that contains the actual MediaWiki contents? I'd definitely like to back that up on a regular basis.

Thanks

Duh - didn't think of just backing up the whole VM. I guess that would be easiest. Thanks for your help.
