Keep Tiki Secure

Be Notified of New Releases

New Tiki releases are announced in many places.

• Subscribe to the Tiki News Releases.
• Follow @tikiwiki on Twitter.
• Subscribe to the Tiki project information on SourceForge.net.

Tips to Enhance Security

1. Keep your Tiki up to date. This is often overlooked! You may want to use one of the auto-installers.
2. Check your server configuration with a script like phpsecinfo.
3. Check your server & installation using: doc.tiki.org/security+admin.
4. Have your server professionally installed and keep PHP, Apache, Linux, etc., up to date.
5. Use strong passwords and set a password policy.
6. Enable the password blacklist to prevent easily guessable passwords.
7. Only activate the features you need. Each feature is a potential security vulnerability. If the feature is turned off, it can't be used.
8. If you are using permissions to restrict certain parts of the site, make sure to test. It's an advanced feature and it can be misconfigured.

Manage Tiki Effectively

1. Setup and test a backup procedure.
2. Use Tiki Manager to automate operations on any number of Tiki instances.