Warning: include_once(/home/mahalie/23rdworld.com/wp-content/plugins/wordpress-support/wordpress-support.php): failed to open stream: Permission denied in /home/mahalie/23rdworld.com/wp-settings.php on line 221

Warning: include_once(): Failed opening '/home/mahalie/23rdworld.com/wp-content/plugins/wordpress-support/wordpress-support.php' for inclusion (include_path='.:/usr/local/lib/php:/usr/local/php5/lib/pear') in /home/mahalie/23rdworld.com/wp-settings.php on line 221
23rd World » How To Make Your MediaWiki Private

How To Make Your MediaWiki Private

USE THIS INFORMATION AT YOUR OWN RISK. Any information found on this website is offered only as informational and includes no warranty, guarantees or support. The author claims no authority on any subject whatsoever.

I've been using an amalgamation of hacks to track all the information I want to be able to recall later: del.icio.us for bookmarks, gmail for contacts and random notes, private blog entries for some organized content, and tracks for tracking projects. Blech. It's just too much. My memory is too weak. What I really want is a comprehensive PIM (Personal Informatio Manager). And so I installed MediaWiki because that's what Wikipedia uses and that's what Dreamhost offers as a One-Click Install (e.g. the path of least resistance).

I thought I'd share with you all the the process of customizing the default install to create a private wiki. Following are the specifics to my install but this will probably be helpful to many with a different host or newer version.

  • Create a subdomain for your MediaWiki install, such as, wiki.yourdomain.com. Select PHP 5.x (not 4.4.2) and leave Extra Web Security.
  • Install MediaWiki. Dreamhost walks you through this and it's also covered at the Dreamhost Wiki so I'm not going to go into detail here. But be sure to move the newly generated LocalSettings.php to the parent directory, and delete the config directory with its content.
  • Chmod LocalSettings.php to 600
  • Create a backup copy of LocalSettings.php, rename it something like .BAK instead of .PHP or something. Put it back in your Wiki install directory right away so it's safe and available if you need it later.

Restrict Wiki Access

Before bothering to put up our own cute logo or other fun stuff like enabling image linking and using clean urls, we're going to lock down our install. I didn't find a lot for this particular intent on the official MediaWiki Docs or the Dreamhost Wiki, but I did find this old Meta Wiki Article

  • Prevent new user registrations. Add the following line to the bottom of LocalSettings.PHP:
    # This snippet prevents new registrations from anonymous users
    # (Sysops can still create user accounts)
    $wgGroupPermissions['*']['createaccount'] = false;
  • Make sure it's working by trying to create an account. You should receive an error message that says username not found, please create an account. To change the message login as yourself (you should have set up a Sysop login when you configured your wiki) and point your browser to wiki.yourdomain.com/index.php?title=MediaWiki:Nosuchuser&action=edit.
    I changed my message to:
    There is no user by the name "$1". This wiki is private and therefore closed to new accounts. Please contact Mahalie if you have any questions.
    I intentionally failed to provide contact information. If a user doesn't even know how to contact me, they really don't need an account on my private wiki!
  • Prevent anonymous users from reading by adding the following to LocalSettings.php: # Disable reading line, for anonymous (not-logged-in => * ) :
    $wgGroupPermissions['*']['read'] = false;

    # ... and enable anonymous to read the followings pages :
    $wgWhitelistRead = array( "Main Page", "Special:Userlogin", "-", "MediaWiki:Monobook.css" );

    # ... same in an other language (French, with one UTF-8 special characteres) :
    # $wgWhitelistRead = array( "Page Principale", "Special:Userlogin", utf8_encode('Aide en français'));
  • Verify setting by logging out of your wiki and attempting to browse. You should get a 'Login Required. You must login to view other pages.' when clicking on any local link and the page should redirect to the main page after a few seconds.
  • If you want to hide the side navigation if the user isn't logged in (because, perhaps you have private project names or something) edit includes/Skin.php and change the function buildSidebar(). Add these lines near the very top, after the globals.: global $wgUser; if (! $wgUser->isLoggedIn()) { return array(); } This will hide the navigation on sup-pages (not the default main page)

p.s. WebWorkerDaily just published 15 Productive Uses for a Wiki in case you're wondering why someone would want to do this!

Update: Check out a new tutorial on Lifehacker, Customize Mediawiki Into Your Ultimate Collaborative Website - it's not a PIM implementation but it offers some good information on quickly re-skinning and mods to consider.

56 Comments »

  1. techguy said,

    July 16, 2007 @ 10:45 pm

    Why not just set an apache password on that folder? I know it’s not perfect, but should be enough privacy for most people who want to secure their wiki, no?

  2. mahalie said,

    July 17, 2007 @ 7:57 am

    One could consider it overboard, but this way there’s a nice landing page for those who land on your wiki accidentally and if you want your significant other or friends to have access, or have a small group wiki (semi-private) for whatever reason then every person just uses their login. If you secure the directory people would have to login twice.

  3. Maarten said,

    August 28, 2007 @ 11:02 pm

    Thanks for this.

    It wasn’t immediately obvious to me how to create user accounts, and nothing helpful shows up in the list of special pages. The answer is that if you log in as a Sysop and go to Special:Userlogin, then click the Create New Account link, you can generate new accounts and use the email button to email out the password. (Tested with 1.10.1)

  4. kentster said,

    August 30, 2007 @ 1:54 am

    This will still allow a user to edit the main login page without being logged in.

    you can add
    $wgGroupPermissions['*']['edit'] = false;

    Tested in 1.10.1

  5. John said,

    February 20, 2008 @ 9:52 pm

    Adding the following line does not work:

    $wgGroupPermissions[’*'][’createaccount’] = false;

    I just get a blank page when I try and access the wiki. Your information is null and void and your sir are an ass.

  6. mahalie said,

    February 21, 2008 @ 9:38 am

    @John – brilliant feedback. This will really encourage everyone to try and fix your problem. In any case, I’m a miss, or a maam I guess if you want to get cute. This article is an informal draft, as stated, and I only share what worked for me. I’m happy to fix or update it if there are any useful suggestions.

  7. Lionel Brits said,

    February 27, 2008 @ 6:17 pm

    @John,

    Woosh… try replacing smart quotes with regular single quotes. I suspect the blogging software simply mangles the quotes.

  8. mahalie said,

    February 28, 2008 @ 3:13 pm

    Lionel, thanks for the tip. I fixed the fancy quotes.

  9. Preston said,

    March 10, 2008 @ 6:47 pm

    Mahalie, thanks for posting this. It was very helpful. Please ignore the jerks.

  10. Daniel said,

    March 28, 2008 @ 12:55 am

    Absolutely fantastic. Big ups for this informative post. The comments are all very helpful as well. Keep it up! ^_^\\

  11. Andrew Caforuek said,

    April 8, 2008 @ 8:29 am

    You rock…setting up an internal company wiki on a subdomain and it took waaay to long for me to find this! Glad I did, thanks!

  12. mahalie said,

    April 8, 2008 @ 10:39 am

    Hey Andrew, glad you found it. I’m looking at setting up wikis for work as well but decided against MediaWiki because it doesn’t really support Ldap. Because we have over 200 employees and there’s always some coming and going we really can’t manage users in more than one place (LDAP in our case).

    I looked at Plone and think I’ve settled on Drupal, a CMS that has Wiki modules. LDAP integration was easy, but I’m still learning everything else.

    I’d be curious to know what other folks are doing for their intranets…also, is there an intranet community out there somewhere? Seems paradoxical but I’d sure like share what I’m doing and hear from others on the topic.

  13. Jean said,

    April 14, 2008 @ 8:42 am

    thanks for the great tips :)

  14. Justin said,

    May 5, 2008 @ 10:18 pm

    Thank you very much for this helpful tutorial!!
    I’ve been searching for a while until i found your page, awesome.

  15. Evan said,

    May 15, 2008 @ 4:04 pm

    Excellent howto. Thanks! How do you add a new account on the wiki, though, from the sysop account?

  16. 23rd World » Google Doctype Screams “Fork ME!” said,

    May 16, 2008 @ 3:28 pm

    [...] My own private wiki, largely comprised of web development documentation for my own projects, code snippits and links to online resources, is invaluable to me – so the potential benefits of an open wiki of this nature is obvious and I’ve often wondered why there isn’t one (with critical mass) out there already. Certainly this project, or at least the idea of it, could be an invaluable tool to professional web designers and client-side developers. Some take-aways: [...]

  17. mahalie said,

    May 16, 2008 @ 4:39 pm

    Evan, to add a user manually go to http://yourwikidomain.com/index.php?title=Special:Userlogin&type=signup

    You’ll enter a password for the new user and if you put in an email address they will get a confirmation but no password so you’ll want to email them yourself and let them know what that is. I’m sure this is all configurable but I haven’t bothered with it yet as I gave only 2 other people access to mine.

    To find that link again later click ‘Special Pages’ and go to ‘Log in / create account’.

  18. Marc B said,

    June 30, 2008 @ 12:19 pm

    What does Chmod LocalSettings to 600 mean?

    I have a wiki on a subdomain that I want to make private, and I think I understand the rest of the install….

  19. Dan Z said,

    July 2, 2008 @ 8:56 am

    Awesome tutorial, thanks Mahalie. This was the quick and dirty I needed on using MediaWiki in a private configuration to tip the scales from installing Twiki to MediaWiki. Thanks!

  20. mahalie said,

    July 2, 2008 @ 10:02 am

    @Marc – probably the simplest is to do this through your FTP client (I use FileZilla) – go to the directory of the file, right click it and you can change the file permissions to 600 or uncheck everything except read/write for the Owner only.

    If you work on *nix servers a lot you may find it easier to do this via the command line (you can ssh in using puTTy or whatevs) and chmod is the command you enter.

    You may want to check out the Chmod page on the Dreamhost wiki for more info.

  21. Katrine said,

    July 5, 2008 @ 4:57 pm

    Just for the record, we’ve set up a private mediawiki for documentation in our IT-departement, wich is integrated with Microsoft Active Directory. So we use our windows server username/password for logging in to the wiki… Not sure if you use Microsoft AD, but I am almost certain that LDAP can be used with MediaWiki…

    Nice work however, thanks for the input…

  22. pete said,

    July 14, 2008 @ 8:25 pm

    mahalie

    as always the internet community is always a great resource! I managed to add your changes simply and easily to a fresh install of mediawiki. One thing I’m not sure I understand – does this also prevent searchbots from browsing/caching content?
    Once a user has logged in and a page is rendered, it is only available to that user in their browser session, correct? So applying any further Apache mods is unnessary….

    Thnxs again

  23. Installing MediaWiki « Making CommunitySense said,

    August 2, 2008 @ 6:45 am

    [...] After their installation, I only had to make some small changes to the LocalSettings.php configuration file, in order to get the right privacy settings. This turned out to be really simple with the help of the following document: How to make your MediaWiki private? [...]

  24. max said,

    August 20, 2008 @ 12:34 am

    works fine ;) thx

  25. Steve said,

    August 25, 2008 @ 3:08 am

    Thanks for this, it worked a treat. I just used it for closing off the site until I was able to launch with more built pages.

  26. Christian Saborio said,

    October 13, 2008 @ 11:09 pm

    Thanks much for this, appreciate it!

  27. Chris said,

    November 25, 2008 @ 3:31 pm

    Thank you for this guide! It worked perfectly. I didn’t set up a wiki for a company, but I set it up for a place to keep myself organized and also store any information I think I’ll need in the near future.

    Thank you.

  28. mahalie said,

    December 19, 2008 @ 11:17 am

    @pete – .htaccess takes care of bots. No one is crawling your wiki, at least not the pages that aren’t publicly accessible.

    @katrine & all – would love to see a tut on working with LDAP/AD. It’s not my strong suit to be sure! I did read a bit on one hack for this but there were so many mods it would make upgrading the MediaWiki install a painful chore.

  29. Geared said,

    January 14, 2009 @ 2:05 pm

    @Anyone looking to implement Wikis for projects or company use

    I had been looking for a wiki for a long time to use as a collaborative tool for internal purposes only and I had originally turned to mediawiki because it is known and already available by our web hosts. However I learned that it is difficult to restrict public access and provide implement it into our server for internal development.

    However I stumbled across TWiki which was designed specifically for projects and collaboration for development. I am setting this up as I write this as a possible long term solution but to relieve more immediate needs. It looks like it provides support to restrict access to groups so it would be very easy to deny public access and make user for yourself or internal collaboration.

    @mahalie
    This is still a great tutorial and I may end up coming back to use it if I TWiki is not the solution I think it is.

    Also I think it is a great idea to user Drupal as a tool to develop an internal structure for colloboration and development. That is my current long term goal, to setup Drupal to act as our web server, but also an internal structure for employees and company information. Drupal is rich and I encourage anyone looking toward similar goals to take a look at it. I have not actually seen any outstanding Wiki Modules but I am looking to implement one using the resources that are already there.

    I will be setting up a Group soon to work on an installation profile for Drupal to include Drupal Stable Core, CRM (Provbably CiviCRM), and separate Wiki database so you can backup and import the wiki separately. If you are interested in helping or want to follow up on the progress, I will be starting shortly. You can contact me or follow the group at Drupal.org. My user name there is Geared.

  30. Phil said,

    April 10, 2009 @ 6:02 pm

    thanks for this – exactly what i was looking for and easy to follow. I ve just setup mediawiki fresh and this was the first thing I changed and seems to work perfectly.

  31. Innes said,

    May 23, 2009 @ 6:24 pm

    This seems really good, and judging by the fact that everyone is having success with it would tend to suggest I have done something wrong! Whenever I try to access the site, it won’t even redirect me to the Main_page, it just sits on the domain :/
    I have entered this, as directed above, to the bottom of the LocalSettings.php:

    # This snippet prevents new registrations from anonymous users
    # (Sysops can still create user accounts)
    $wgGroupPermissions['*']['createaccount'] = false

    Disable reading line, for anonymous (not-logged-in => * ) :
    $wgGroupPermissions['*']['read'] = false;

    # … and enable anonymous to read the followings pages :
    $wgWhitelistRead = array( “Main Page”, “Special:Userlogin”, “-”, “MediaWiki:Monobook.css” );

    $wgGroupPermissions['*']['createaccount'] = false;

    I also made sure that there weren’t any smart quotes in there, but no luck. Just to clarify, it works fine with the normal LocalSettings, so something I have changed is making the system unhappy… Help?!

  32. Fady said,

    May 24, 2009 @ 12:43 pm

    You should have this line only once and you should have it right (i.e. with semicolon) $wgGroupPermissions['*']['createaccount'] = false;
    the missing semicolon is the thing causing you trouble.

    Btw, great info, mahalie!! Thanks a lot.

  33. Peter Anticue said,

    July 22, 2009 @ 8:03 am

    Hey Mahalie,

    This is great info – it worked fine on my MediaWiki (v1.15.0).
    Thanks for your effort – it was just what I needed and saved me lots of time.

    Cheers,
    Peter

  34. Peter Anticue said,

    July 22, 2009 @ 8:05 am

    Oh also wanted to add – here’s a link to the official MediaWiki site on the same topic. It’s got loads of info, so if Mahalie’s draft above and the comments don’t seem to help you, try here:
    http://www.mediawiki.org/wiki/Manual:Preventing_access

  35. mahalie said,

    July 22, 2009 @ 8:41 am

    Thanks for the info Peter, to tell you the truth I’m surprised people are still using this article since it’s so old. I’m glad it’s still helpful. I hope this means I can upgrade MediaWiki easily ;)

  36. Olrik Lenstra said,

    December 19, 2009 @ 4:46 am

    Thank you for the useful information!

    Regards,
    Olrik

  37. Justin said,

    February 19, 2010 @ 3:51 am

    Excellent work and thanks for your detailed help. Much appreciated.

  38. Don said,

    April 8, 2010 @ 11:04 am

    Thanks alot for the detailed instructions it works great however I am having a problem with files. If I have a thumbnail on a page and I click on it to go to the file page it tells me I have to be logged in. I am already logged in so have you seen this issue before? Do you know if there is a fix for it?

    After clicking on the image I get something like FILE:example.jpg

    Thanks again for the tutorial and for any help you may be able to provide in solving this issue.

    Don

  39. mahalie said,

    April 8, 2010 @ 11:43 am

    I haven’t see this behavior personally…I have a few linked images and files (PDFs and the like) and they work fine (no need to re-login). Are you using the Wiki markup for linking to an image…like: [[:Image:GUI dev example.jpg|GUI Development in Progress]]

    Also, do you happen to be on a wireless/mobile internet connection. I wonder if your IP address is changing or you only have the login problem with images?

    One other thing to check is file permissions on images. Oh yes, actually I vaguely remember having to add something to the config files when I wanted to start linking to images…let’s see if I can find that again…

  40. mahalie said,

    April 8, 2010 @ 11:55 am

    Looking at my LocalSettings.php it sounds like you have uploading working, it’s just viewing them that’s resulting in an authentication issue? Be sure to check the official docs to make sure you have everything properly configured:
    http://www.mediawiki.org/wiki/Manual:Configuring_file_uploads

    I don’t have anything unusual for file uploads in my setup, just the usual chmod 755 of the images directory and settings to enable uploads and certain file extensions I use a lot. (See instructions in link above).

  41. Don said,

    April 8, 2010 @ 1:55 pm

    Thanks for the quick reply. I am not on a wireless the log in issue only happens when the site tries to go to pages FILE:something. I think that it has something to do with the FILE namespace being blocked somehow. Let me know if you need anymore info.

  42. Steve said,

    April 20, 2010 @ 12:04 am

    Worked like a charm, thanks for the info!

  43. TheCTOSian said,

    May 17, 2010 @ 9:44 am

    Hi,
    … It all worked in my 1.15.3 installation except:
    When I tested the system message at …/index.php?title=MediaWiki:Nosuchuser&action=edit it didn’t work.
    I delved a little further and discovered ../index.php?title=MediaWiki:Nosuchusershort

    Changed that and all went well.

    Many thanks for this… A really useful Tutorial.

  44. jp said,

    June 25, 2010 @ 8:01 am

    Worked well on 1.15.4

    Thanks!

  45. AntonioR said,

    June 30, 2010 @ 1:49 pm

    Fantastic guide. Thanks!

  46. dvn said,

    September 10, 2010 @ 4:46 am

    Is there a way to restrict to site to a smaller group of user only? Right now mine is accessible by anyone with the company account but i would like to make available to my group only.
    It was a great tutorial by the way.

  47. Whitewall said,

    December 15, 2010 @ 12:14 pm

    Many thanks, works great. Going to use this to create a company wiki where only the Admin can create new users, and only users can view pages.

    Thanks again!

  48. Jeroen said,

    April 18, 2011 @ 4:38 pm

    Thanks for this tutorial! :) it helped me!!! :) ur a hero!

  49. David Buchan said,

    September 27, 2011 @ 9:22 pm

    In addition to your suggestions, I modified wiki.yourdomain.com/index.php?title=MediaWiki:Loginreqpagetext to be consistent with the text you have in the nonsuchuser page. That way, any page landed on says it’s a private site and that you need to login for access. I’ve hidden Main Page as well.

  50. mahalie said,

    September 29, 2011 @ 10:58 am

    Thanks for sharing. Glad to hear these instructions are still useful. Your install is looking good :D

  51. no2pencil said,

    March 20, 2012 @ 12:46 am

    2012 & still running strong! I found this page incredibly useful for locking down our wiki that’s begin sued for a knowledgebase. Thank you for taking the time to share this information!

  52. no2pencil said,

    March 20, 2012 @ 12:47 am

    2012 & still running strong! I found this page incredibly useful for locking down our wiki that’s begin used for a knowledgebase. Thank you for taking the time to share this information!

    ** fixed a type-o, we’re not being sued, it’s being used **

  53. Sundeep said,

    March 30, 2012 @ 6:27 pm

    This article is great, worked like a charm!

  54. Simon Reed said,

    August 22, 2012 @ 1:08 pm

    Thank you. I couldn’t find “How to prevent user creation” anywhere in the documentation.

  55. Bob Sander-Cederlof said,

    May 9, 2013 @ 4:08 pm

    Thanks! This page is still helpful in 2013!

  56. Ronan said,

    November 1, 2014 @ 10:48 am

    And in 2014!

RSS feed for comments on this post · TrackBack URI

Leave a Comment