Keep Tiki Secure
Be Notified of New Releases
New Tiki releases are announced in many places.
Tips to Enhance Security
- Keep your Tiki up to date. This is often overlooked! You may want to use one of the auto-installers.
- Check your server configuration with a script like phpsecinfo.
- Check your server & installation using: doc.tiki.org/security+admin.
- Have your server professionally installed and keep PHP, Apache, Linux, etc., up to date.
- Use strong passwords and set a password policy.
- Enable the password blacklist to prevent easily guessable passwords.
- Only activate the features you need. Each feature is a potential security vulnerability. If the feature is turned off, it can't be used.
- If you are using permissions to restrict certain parts of the site, make sure to test. It's an advanced feature and it can be misconfigured.
Manage Tiki Effectively
- Setup and test a backup procedure.
- Use Tiki Remote Instance Manager to manage a large number of Tiki instances.