adt2's picture

Okay - I have Turnkey MediaWiki up and running, and, thanks to a helpful poster here, I am able to access it from the outside world (i.e. outside my router/firewall). Before I go all willy-nilly advertising my new wiki to god and everybody, I assume there are some security-related setup tasks that I should take care of. TKMW installation went so fast and easy that I don't recall having to set access control levels, or add users, or anything like that. Seems like I had to enter one password, and bam! Installation complete (actually a compliment to the TK folks - this really is brain-dead simple).

Just wondering about any 'best-practice' sort of ideas for setting things up securely. As always, thanks in advance for any advice you can offer.

Forum: 
Liraz Siri's picture

TurnKey MediaWiki, like other appliances comes preconfigured, so you don't have to mess around with the appliances too much after you install. The default is fine.

In production you'll probably want to change the admin password of course.

Liraz Siri's picture

BTW, if you want to go the extra mile securing your appliance you'll want to do regular backups (so you can always rollback after an incident) and disable anything you don't use/need on your site (e.g., services, extensions, etc.). You don't have to do that but it will reduce the attack footprint of your appliance, so if there's a new vulnerability in one of these components it may not apply to you.
adt2's picture

What, exactly, should I back up? I logged into the Webmin console last night for the first time; being a Linux newbie, it was all pretty confounding. Is there a particular directory, folder or file that contains the actual MediaWiki contents? I'd definitely like to back that up on a regular basis.
adt2's picture

Duh - didn't think of just backing up the whole VM. I guess that would be easiest. Thanks for your help.

Add new comment