Distributed Pages:
* [[PmWiki.Passwords]] General use of passwords
* [[PmWiki.PasswordsAdmin]] More password options for the administrator
* [[PmWiki.UrlApprovals]] Require approval of Url links
* [[PmWiki:SiteAnalyzer]] A tool for analyzing site configuration settings and security

Cookbook Pages

* See also [[Cookbook:Cookbook#Security | Cookbook index: Security]]
* [[Cookbook:Blocklist2]] Block postings based on content or IP address
* [[Cookbook:MTBlackList]] Movable Type spam blacklist
* [[Cookbook:WebServerSecurity]] Making the server more secure with .htaccess
* [[Cookbook:FarmSecurity]] Making Farm installations secure
* [[Cookbook:EProtect]] Hide e-mail address
* [[Cookbook:AuditImages]] Check to see what images have been uploaded to your wiki.


>>faq<< [[#faq]]

Q: What about the botnet security advisory at [[http://isc.sans.org/diary.php?storyid=1672]]?

A: Sites that are running with PHP's ''register_globals'' setting set to "On" and versions of PmWiki prior to 2.1.21 may be vulnerable to a botnet exploit that is taking advantage of a bug in PHP.  The vulnerability can be closed by turning ''register_globals'' off, upgrading to PmWiki 2.1.21 or later, or upgrading to PHP versions 4.4.3 or 5.1.4.  In addition, there is a test at [[PmWiki:SiteAnalyzer]] that can be used to determine if your site is vulnerable.