Addressing security issues throughout the wiki installation and maintenance

Archive /
Cookbook /
ActionLog  Maintain a page log of wiki actions (Stable)
AddingAuthLevels  adding auth levels and page attributes
AddToWatchlist  Add or remove a page from your watchlist trail with a single click (beta)
AesCrypt  Provide client-side AES encryption support
AesCrypt-1  Provide client-side AES encryption support
AuditImages  View the images that have been uploaded to your wiki. (Stable)
Auth-SMF  Integrate SMF Simple Machines Forum with PmWiki and use SMF user management for Pmwiki authentication (new)
AuthCAS  Central Authentication Service(CAS) based authentication
AuthDNS  Password-less authentication based on the visitor's IP address or (dynamic) hostname (Beta)
AuthenticatedAsConditional  A different way of performing authentication than PmWiki's "default" (deprecated)
AuthenticatedAttach  Lets the user view an Attachment only if they have the appropriate password (Obsolete)
AuthPhpBB2  Use phpBB2 user authentication for PmWiki page edit protection and author name (Stable)
AuthPhpbb2Sso  Single Sign On for PmWiki and phpBB2 (Stable)
AuthPhpBB3  Use phpBB3 user authentication for PmWiki
AuthPhpBBUsersAndGroups  Use phpBB3 user authentication and groups for PmWiki
AuthProfile  Like AuthUser, but designed to store login information in profile pages (Beta)
AuthPunBB  Use PunBB/FluxBB user authentication for PmWiki (Draft)
AuthUser  PmWiki built-in user authentication system using user names and passwords (Stable)
AuthUserBbPress  Ability to Authenticate against a MySQL BBPress user database. (First Release)
AuthUserCookie  Persistent login for AuthUser
AuthUserDbase  Enables user authentication via database, whether from another application, or standalone (beta)
AuthUserFederated  OpenID and OAuth authentication extension for AuthUser (In active use)
AuthUserOpenId  Implement single sign-on and Identity mechanism based on OpenID protocol.
AuthUserSignup  Allow users to sign up themselves (with email verification) for authuser accounts (Deprecated (UserAdmin is better))
AuthUserVBulletin  Allows PmWiki to use vBulletin for a user login/password base, and to borrow PmWiki groups from vBulletin. (beta)
BackupHTMLZip  Export your wiki to static HTML then optionally compress/zip it (Experimental)
BadBehavior  Protect PmWiki with Bad Behavior 2.2.x
Blocklist  Obsolete recipe, please see PmWiki.Blocklist (obsolete)
Captcha  Use captchas to prevent automated systems from modifying pages (Stable)
Captchas  Uses captchas to protect certain actions from spambots (pre-alpha, discussion)
CMSMode  Make your wiki look and act like a normal website for non-author visitors. (Beta)
ControllingWebRobots  How to control web robots or bots trying to scan files (stable)
CryptPlus  Additional password hashing algorithms for AuthUser and HtpasswdForm (Initial release ("works for me"))
DeleteAction  Use a separate password for deleting pages
DeObMail  Unobtrusive e-mail link (de)obfuscator (Beta)
DesCrypt  Provide client-side DES and 3DES encryption support
DirectoryAndFilePermissions  Explains which directories and files need to be readable, writable, and servable by the webserver. (Developing)
DNSauth  Authentication by (dynamic) DNS or IP address (superseded by AuthDNS)
EditCrypt  Allow server-side encryption/decryption of pages while editing (Alpha (still missing history suppression))
EProtect  Email obfuscation
ExternAuth  Use authentication mechanisms external to PmWiki
FarmApacheConfiguration  An attempt to secure a Pmwiki Farm with apache configuration
FarmApacheConfiguration-Talk  Talk Page for FarmApacheConfiguration recipe
FarmSecurity  Some things to know about PmWiki.WikiFarm security. (Stable)
FarmSetupByExample  An alternative introduction to creating a WikiFarm (Maintained)
FixShortSessions  How to fix short sessions so you aren't prompted frequently for a password
FoxAuthUserCommentBox  Posting comments for logged in users only, using Fox
HtpasswdForm  Form based management of users and passwords using .htpasswd/.htgroup files (Stable)
InactivityTimeout  Automatically logout inactive users
JavaScriptHelpers  Collection of simple JavaScript tools for wikis (Planning)
LocalTimes  Display RecentChanges and History timestamps in the local timezone of each visitor. (Beta)
LoginLogout  How to log out after logging in (Q&A)
MailmanAuth  Use an external mailing list for PmWiki authentication (beta)
MakingPasswordRequestsExplicit  How can we tell which password is requested?
MemberMgmt  Advanced member management (using ZAP and AuthUser). Allows self registration, logins, groups, site customization, and more! (Beta (relies on latest Beta version of PmWiki))
OnlyOneLogin  Only allow 1 login at the same time for a username (working)
OpenPass  Set a global password which is openly displayed to reduce spam (Alpha)
PageCreator  adds page creator (original author) to be stored as a page attribute
PageTimer  A draggable countdown timer. URL redirect on timer expiration.
PersistentLogin  Login form with "Remember me/Stay signed in" option (Beta)
PresenceAwareness  User-based authentication, a list of online logged users, tools to register and manage users and send posts via Jabber
PreventHotlinking  Prevent hotlinking of uploaded files
PrintGroup  Export WikiGroup pages to one large HTML file, and/or to PDF (Experimental)
PrivateGroups  How to create private groups on public wikis (Stable)
QuickStartForAuthUser-Talk  Just a quick guide for people to set up AuthUser to lock down their site. (beta)
ReCaptcha  Slow down spammers with Google reCAPTCHA. (Active)
RecipeCheck  Check for new versions of recipes on (Stable)
RequireAuthor  Require author names when saving pages (Documentation)
RestrictActions  require admin privilege for most actions (if not defined otherwise). (stable)
SecLayer  Provide a ready-made security layer (while developing recipes) for controlling page access (Beta)
SecureAttachments  Security issues for attachments
SessionGuard  Hamper session theft (session hijacking) and session fixation attacks. (Working)
SessionSecurityAdvice  Collections of advice for securing your Wiki's sessions.
SimplemachinesIntegration  How to use the authentification of the Simplemachines forum to control the access to a PmWiki installation
SingleSign-On  Use Windows-Logon for Authentication on pmwiki (Stable)
SourceForgeServers  Install PmWiki in's project web space. (Outdated)
SpamFilters  Automatic blocking of some spambots (beta)
StoredAuthName  How to set a stored author name to an authenticated user (Stable)
SwitchToSSLMode  How to force PmWiki to use Transport Layer Security (TLS) (Beta)
TextCaptcha  Small and simple text captcha that uses ascii art and no session, cookies and images (beta)
TrackChanges  Ways to more easily detect and verify all recent edits
UBBThreadsIntegration  How to use the user authentification of the UBBThreads forums to control access to a PmWiki installation
UserAdmin  AuthUser account self-registration and management (beta)
UserAuth  User-based authorization (Obsolete)
UserAuth2  A user-based permission granting and authentication module (released, stable, maintained (tested with Pmwiki 2.1.11, 2.2.0-beta45))
UserAuth2-Talk  Discussion of UserAuth2 (released, stable, maintained (tested with Pmwiki 2.1.11, 2.2.0-beta45))
UserAuthDevel  User-based authorization Development Page
UserLastAction  Record the last action for each user so that stale accounts can be detected (stable)
WebServerSecurity  How to use ".htaccess" to make PmWiki more secure
WhosWhere  Show Who's Where on your wiki (Experimental)
WhosWhere-Talk  Talk page for WhosWhere.
WikiSh  Wiki-based script language roughly emulating linux shell tools (Beta)
WikiShCrypt  Provide encryption/decryption for WikiSh commands and in other contexts (Alpha)
CookbookFr /
AuthTable  Liste toutes les pages du wiki avec leurs attributs (working)
PmWiki /
InitialPasswords  PmWiki's initial password settings
Security  Resources for securing your PmWiki installation
SiteAnalyzer  Analyse PmWiki security and software versions
PmWikiDe /
InitialPasswords  Erste Schritte zum Schutz der Seiten
Security  Zeigt relevante Verweise zur Sicherheit
SiteAnalyzer  Analyse der Sicherheit der Site und Angabe der Software-Version