How To Make Your MediaWiki Private

USE THIS INFORMATION AT YOUR OWN RISK. Any information found on this website is offered only as informational and includes no warranty, guarantees or support. The author claims no authority on any subject whatsoever.

I've been using an amalgamation of hacks to track all the information I want to be able to recall later: del.icio.us for bookmarks, Gmail for contacts and random notes, private blog entries for some organized content, and tracks for tracking projects. Blech. It's just too much. My memory is too weak. What I really want is a comprehensive PIM (Personal Information Manager). And so I installed MediaWiki because that's what Wikipedia uses and that's what Dreamhost offers as a One-Click Install (i.e. the path of least resistance).

I thought I'd share with you all the process of customizing the default install to create a private wiki. The following is specific to my install, but it will probably be helpful to many with a different host or a newer version.

  • Create a subdomain for your MediaWiki install, such as wiki.yourdomain.com. Select PHP 5.x (not 4.4.2) and leave Extra Web Security.
  • Install MediaWiki. Dreamhost walks you through this and it's also covered at the Dreamhost Wiki so I'm not going to go into detail here. But be sure to move the newly generated LocalSettings.php to the parent directory, and delete the config directory with its content.
  • Chmod LocalSettings.php to 600
  • Create a backup copy of LocalSettings.php and give the copy an extension such as .BAK instead of .PHP. Put it back in your Wiki install directory right away so it's safe and available if you need it later.
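
A check for the chmod and backup steps above, as an added example that is not part of the original post. It assumes the backup copy should carry the same 600 mode as the live file, because it holds the same database credentials and a copy with a non-PHP extension may be served as plain text by a web server that can read it; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit the mode of
# LocalSettings.php and of every copy kept beside it.

# List LocalSettings* files directly inside DIR whose mode is not exactly
# 600. Returns 0 if all are 600, 1 if any differ, 2 if none were found.
audit_localsettings() {
    dir=$1
    all=$(find "$dir" -maxdepth 1 -type f -name 'LocalSettings*')
    if [ -z "$all" ]; then
        echo "no LocalSettings* files in $dir" >&2
        return 2
    fi
    loose=$(find "$dir" -maxdepth 1 -type f -name 'LocalSettings*' ! -perm 600)
    if [ -n "$loose" ]; then
        echo "not mode 600:"
        echo "$loose" | while IFS= read -r f; do ls -l "$f"; done
        return 1
    fi
    return 0
}

# Set every LocalSettings* file in DIR to owner read/write only.
tighten_localsettings() {
    find "$1" -maxdepth 1 -type f -name 'LocalSettings*' -exec chmod 600 {} +
}

# With an argument, audit that directory; otherwise demonstrate on a
# constructed directory holding a live file and a loosely protected backup.
if [ "$#" -gt 0 ]; then
    audit_localsettings "$1"
else
    demo=$(mktemp -d)
    : > "$demo/LocalSettings.php"; chmod 600 "$demo/LocalSettings.php"
    : > "$demo/LocalSettings.BAK"; chmod 644 "$demo/LocalSettings.BAK"
    audit_localsettings "$demo" || tighten_localsettings "$demo"
    audit_localsettings "$demo" && echo "all copies are now 600"
    rm -rf "$demo"
fi
```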

Restrict Wiki Access

Before bothering to put up our own cute logo or other fun stuff like enabling image linking and using clean URLs, we're going to lock down our install. I didn't find a lot for this particular intent on the official MediaWiki Docs or the Dreamhost Wiki, but I did find this old Meta Wiki Article.

  • Prevent new user registrations. Add the following lines to the bottom of LocalSettings.php:
    # This snippet prevents new registrations from anonymous users
    # (Sysops can still create user accounts)
    $wgGroupPermissions['*']['createaccount'] = false;
  • Make sure it's working by trying to create an account. You should receive an error message that says username not found, please create an account. To change the message, log in as yourself (you should have set up a Sysop login when you configured your wiki) and point your browser to wiki.yourdomain.com/index.php?title=MediaWiki:Nosuchuser&action=edit.
    I changed my message to:
    There is no user by the name "$1". This wiki is private and therefore closed to new accounts. Please contact Mahalie if you have any questions.
    I intentionally failed to provide contact information. If a user doesn't even know how to contact me, they really don't need an account on my private wiki!
  • Prevent anonymous users from reading by adding the following to LocalSettings.php:
    # Disable reading for anonymous users (not logged in => * ):
    $wgGroupPermissions['*']['read'] = false;

    # ... and allow anonymous users to read the following pages:
    $wgWhitelistRead = array( "Main Page", "Special:Userlogin", "-", "MediaWiki:Monobook.css" );

    # ... the same in another language (French, with one UTF-8 special character):
    # $wgWhitelistRead = array( "Page Principale", "Special:Userlogin", utf8_encode('Aide en français'));
  • Verify the setting by logging out of your wiki and attempting to browse. You should get a 'Login Required. You must login to view other pages.' message when clicking on any local link, and the page should redirect to the main page after a few seconds.
  • If you want to hide the side navigation when the user isn't logged in (because, perhaps, you have private project names or something), edit includes/Skin.php and change the function buildSidebar(). Add these lines near the very top, after the globals:
    global $wgUser;
    if ( !$wgUser->isLoggedIn() ) {
        return array();
    }
    This will hide the navigation on sub-pages (not the default main page).
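
A static check for the LocalSettings.php lines added in this section, as an added example rather than code from the original post. It flags typographic quotes and missing semicolons (heuristically, for one-line settings) and confirms that createaccount and read are denied to '*'; the function names are made up for the illustration, and where the PHP command line is available, php -l LocalSettings.php is the authoritative syntax check.

```shell
#!/bin/sh
# Added example, not from the original post: static check of the
# LocalSettings.php lines this tutorial adds.

# True if FILE has an active, semicolon-terminated line setting
# $wgGroupPermissions['*'][RIGHT] to false (straight quotes only).
has_denied() {
    grep -Eq "^[[:space:]]*[$]wgGroupPermissions\['\*'\]\['$2'\][[:space:]]*=[[:space:]]*false[[:space:]]*;" "$1"
}

# Report problems in FILE; returns 0 only if nothing was found.
lint_lockdown() {
    f=$1; rc=0
    n=$(grep -Ec '‘|’|“|”' "$f" || true)
    if [ "$n" -gt 0 ]; then
        echo "$n line(s) contain typographic quotes"; rc=1
    fi
    # Heuristic for one-line settings: a $wg line whose last
    # non-blank character is not a semicolon.
    if grep -En '^[[:space:]]*[$]wg[^#]*[^;[:space:]][[:space:]]*$' "$f"; then
        echo "line(s) above lack a terminating semicolon"; rc=1
    fi
    for right in createaccount read; do
        has_denied "$f" "$right" || { echo "not denied for '*': $right"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: typographic quotes on one line, no semicolon on the next.
write_sample() {
    cat > "$1" <<'EOF'
<?php
$wgGroupPermissions[’*'][’createaccount’] = false;
$wgGroupPermissions['*']['read'] = false
EOF
}

# With an argument, lint that file; otherwise lint the constructed sample.
if [ "$#" -gt 0 ]; then
    lint_lockdown "$1"
else
    tmp=$(mktemp); write_sample "$tmp"
    lint_lockdown "$tmp" || echo "constructed sample rejected, as intended"
    rm -f "$tmp"
fi
```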

p.s. WebWorkerDaily just published 15 Productive Uses for a Wiki in case you're wondering why someone would want to do this!

Update: Check out a new tutorial on Lifehacker, Customize Mediawiki Into Your Ultimate Collaborative Website - it's not a PIM implementation but it offers some good information on quickly re-skinning and mods to consider.

56 thoughts on “How To Make Your MediaWiki Private”

  1. Why not just set an apache password on that folder? I know it’s not perfect, but should be enough privacy for most people who want to secure their wiki, no?

  2. One could consider it overboard, but this way there’s a nice landing page for those who land on your wiki accidentally and if you want your significant other or friends to have access, or have a small group wiki (semi-private) for whatever reason then every person just uses their login. If you secure the directory people would have to login twice.

  3. Thanks for this.

    It wasn’t immediately obvious to me how to create user accounts, and nothing helpful shows up in the list of special pages. The answer is that if you log in as a Sysop and go to Special:Userlogin, then click the Create New Account link, you can generate new accounts and use the email button to email out the password. (Tested with 1.10.1)

  4. This will still allow a user to edit the main login page without being logged in.

    you can add
    $wgGroupPermissions['*']['edit'] = false;

    Tested in 1.10.1

  5. Adding the following line does not work:

    $wgGroupPermissions[’*'][’createaccount’] = false;

    I just get a blank page when I try and access the wiki. Your information is null and void and you sir are an ass.

  6. @John – brilliant feedback. This will really encourage everyone to try and fix your problem. In any case, I’m a miss, or a ma’am I guess if you want to get cute. This article is an informal draft, as stated, and I only share what worked for me. I’m happy to fix or update it if there are any useful suggestions.

  7. Absolutely fantastic. Big ups for this informative post. The comments are all very helpful as well. Keep it up! ^_^\\

  8. Hey Andrew, glad you found it. I’m looking at setting up wikis for work as well but decided against MediaWiki because it doesn’t really support LDAP. Because we have over 200 employees and there’s always some coming and going we really can’t manage users in more than one place (LDAP in our case).

    I looked at Plone and think I’ve settled on Drupal, a CMS that has Wiki modules. LDAP integration was easy, but I’m still learning everything else.

    I’d be curious to know what other folks are doing for their intranets…also, is there an intranet community out there somewhere? Seems paradoxical but I’d sure like to share what I’m doing and hear from others on the topic.

  9. Thank you very much for this helpful tutorial!!
    I’ve been searching for a while until I found your page, awesome.

  10. Excellent howto. Thanks! How do you add a new account on the wiki, though, from the sysop account?

  11. Evan, to add a user manually go to http://yourwikidomain.com/index.php?title=Special:Userlogin&type=signup

    You’ll enter a password for the new user and if you put in an email address they will get a confirmation but no password so you’ll want to email them yourself and let them know what that is. I’m sure this is all configurable but I haven’t bothered with it yet as I gave only 2 other people access to mine.

    To find that link again later click ‘Special Pages’ and go to ‘Log in / create account’.

  12. What does Chmod LocalSettings to 600 mean?

    I have a wiki on a subdomain that I want to make private, and I think I understand the rest of the install….

  13. Awesome tutorial, thanks Mahalie. This was the quick and dirty I needed on using MediaWiki in a private configuration to tip the scales from installing Twiki to MediaWiki. Thanks!

  14. @Marc – probably the simplest is to do this through your FTP client (I use FileZilla) – go to the directory of the file, right click it and you can change the file permissions to 600 or uncheck everything except read/write for the Owner only.

    If you work on *nix servers a lot you may find it easier to do this via the command line (you can ssh in using puTTy or whatevs) and chmod is the command you enter.

    You may want to check out the Chmod page on the Dreamhost wiki for more info.

  15. Just for the record, we’ve set up a private mediawiki for documentation in our IT department, which is integrated with Microsoft Active Directory. So we use our windows server username/password for logging in to the wiki… Not sure if you use Microsoft AD, but I am almost certain that LDAP can be used with MediaWiki…

    Nice work however, thanks for the input…

  16. mahalie

    as always the internet community is always a great resource! I managed to add your changes simply and easily to a fresh install of mediawiki. One thing I’m not sure I understand – does this also prevent searchbots from browsing/caching content?
    Once a user has logged in and a page is rendered, it is only available to that user in their browser session, correct? So applying any further Apache mods is unnecessary….

    Thnxs again

  17. Thanks for this, it worked a treat. I just used it for closing off the site until I was able to launch with more built pages.

  18. Thank you for this guide! It worked perfectly. I didn’t set up a wiki for a company, but I set it up for a place to keep myself organized and also store any information I think I’ll need in the near future.

    Thank you.

  19. @pete – .htaccess takes care of bots. No one is crawling your wiki, at least not the pages that aren’t publicly accessible.

    @katrine & all – would love to see a tut on working with LDAP/AD. It’s not my strong suit to be sure! I did read a bit on one hack for this but there were so many mods it would make upgrading the MediaWiki install a painful chore.

  20. @Anyone looking to implement Wikis for projects or company use

    I had been looking for a wiki for a long time to use as a collaborative tool for internal purposes only and I had originally turned to mediawiki because it is known and already available by our web hosts. However I learned that it is difficult to restrict public access and provide implement it into our server for internal development.

    However I stumbled across TWiki which was designed specifically for projects and collaboration for development. I am setting this up as I write this as a possible long term solution but to relieve more immediate needs. It looks like it provides support to restrict access to groups so it would be very easy to deny public access and make user for yourself or internal collaboration.

    @mahalie
    This is still a great tutorial and I may end up coming back to use it if TWiki is not the solution I think it is.

    Also I think it is a great idea to use Drupal as a tool to develop an internal structure for collaboration and development. That is my current long term goal, to setup Drupal to act as our web server, but also an internal structure for employees and company information. Drupal is rich and I encourage anyone looking toward similar goals to take a look at it. I have not actually seen any outstanding Wiki Modules but I am looking to implement one using the resources that are already there.

    I will be setting up a Group soon to work on an installation profile for Drupal to include Drupal Stable Core, CRM (Probably CiviCRM), and separate Wiki database so you can backup and import the wiki separately. If you are interested in helping or want to follow up on the progress, I will be starting shortly. You can contact me or follow the group at Drupal.org. My user name there is Geared.

  21. thanks for this – exactly what I was looking for and easy to follow. I’ve just setup mediawiki fresh and this was the first thing I changed and seems to work perfectly.

  22. This seems really good, and judging by the fact that everyone is having success with it would tend to suggest I have done something wrong! Whenever I try to access the site, it won’t even redirect me to the Main_page, it just sits on the domain :/
    I have entered this, as directed above, to the bottom of the LocalSettings.php:

    # This snippet prevents new registrations from anonymous users
    # (Sysops can still create user accounts)
    $wgGroupPermissions['*']['createaccount'] = false

    Disable reading line, for anonymous (not-logged-in => * ) :
    $wgGroupPermissions['*']['read'] = false;

    # … and enable anonymous to read the followings pages :
    $wgWhitelistRead = array( “Main Page”, “Special:Userlogin”, “-”, “MediaWiki:Monobook.css” );

    $wgGroupPermissions['*']['createaccount'] = false;

    I also made sure that there weren’t any smart quotes in there, but no luck. Just to clarify, it works fine with the normal LocalSettings, so something I have changed is making the system unhappy… Help?!

  23. You should have this line only once and you should have it right (i.e. with semicolon) $wgGroupPermissions['*']['createaccount'] = false;
    the missing semicolon is the thing causing you trouble.

    Btw, great info, mahalie!! Thanks a lot.

  24. Hey Mahalie,

    This is great info – it worked fine on my MediaWiki (v1.15.0).
    Thanks for your effort – it was just what I needed and saved me lots of time.

    Cheers,
    Peter

  25. Thanks for the info Peter, to tell you the truth I’m surprised people are still using this article since it’s so old. I’m glad it’s still helpful. I hope this means I can upgrade MediaWiki easily ;)

  26. Thanks a lot for the detailed instructions it works great however I am having a problem with files. If I have a thumbnail on a page and I click on it to go to the file page it tells me I have to be logged in. I am already logged in so have you seen this issue before? Do you know if there is a fix for it?

    After clicking on the image I get something like FILE:example.jpg

    Thanks again for the tutorial and for any help you may be able to provide in solving this issue.

    Don

  27. I haven’t seen this behavior personally…I have a few linked images and files (PDFs and the like) and they work fine (no need to re-login). Are you using the Wiki markup for linking to an image…like: [[:Image:GUI dev example.jpg|GUI Development in Progress]]

    Also, do you happen to be on a wireless/mobile internet connection? I wonder if your IP address is changing or you only have the login problem with images?

    One other thing to check is file permissions on images. Oh yes, actually I vaguely remember having to add something to the config files when I wanted to start linking to images…let’s see if I can find that again…

  28. Looking at my LocalSettings.php it sounds like you have uploading working, it’s just viewing them that’s resulting in an authentication issue? Be sure to check the official docs to make sure you have everything properly configured:
    http://www.mediawiki.org/wiki/Manual:Configuring_file_uploads

    I don’t have anything unusual for file uploads in my setup, just the usual chmod 755 of the images directory and settings to enable uploads and certain file extensions I use a lot. (See instructions in link above).

  29. Thanks for the quick reply. I am not on a wireless the log in issue only happens when the site tries to go to pages FILE:something. I think that it has something to do with the FILE namespace being blocked somehow. Let me know if you need anymore info.

  30. Hi,
    … It all worked in my 1.15.3 installation except:
    When I tested the system message at …/index.php?title=MediaWiki:Nosuchuser&action=edit it didn’t work.
    I delved a little further and discovered ../index.php?title=MediaWiki:Nosuchusershort

    Changed that and all went well.

    Many thanks for this… A really useful Tutorial.

  31. Is there a way to restrict the site to a smaller group of users only? Right now mine is accessible by anyone with the company account but I would like to make it available to my group only.
    It was a great tutorial by the way.

  32. Many thanks, works great. Going to use this to create a company wiki where only the Admin can create new users, and only users can view pages.

    Thanks again!

  33. In addition to your suggestions, I modified wiki.yourdomain.com/index.php?title=MediaWiki:Loginreqpagetext to be consistent with the text you have in the nonsuchuser page. That way, any page landed on says it’s a private site and that you need to login for access. I’ve hidden Main Page as well.
