Tiki Wiki CMS Groupware Security HeadQuarter

Disclose a vulnerability
To allow us time to patch the system, please report the vulnerability through the bug tracking system (you need to log in), using the category "security" but without detailing the vulnerability, so that it cannot be exploited. In addition, please contact the security squad with full details and we'll deal with your input.

For more information: Full Disclosure Policy (RFPolicy) v2.0

To be notified of new releases
New Tiki releases are announced in many places.

Tips to enhance security
  1. Keep your Tiki up to date. This is often overlooked! You may want to use one of the auto-installers.
  2. Check your server configuration with a script like phpsecinfo
  3. Check your server & installation using: doc.tiki.org/security+admin
  4. Have your server professionally installed and kept up to date (PHP, Apache, Linux, etc.)
  5. Use strong passwords and set a password policy
  6. Only activate the features you need. Each feature is a potential security vulnerability. If the feature is turned off, it can't be used.
  7. If you are using permissions to restrict certain parts of the site, make sure to test. It's an advanced feature and it can be misconfigured.
  8. Set up and test a backup procedure

Work is ongoing on the Tiki Remote Instance Manager. This is very useful for managing large numbers of Tiki instances.