WackoWiki: Admin Panel

https://wackowiki.org/doc     Version: 07.08.2021 06:51
Also available in Deutsch[link1], Español[link2], Français[link3], Русский[link4], 简体中文[link5]

1. Configuration

1.1. Create a Recovery-Password

  1. to login define the recovery_password in the config/config.php file first
    1. Call the {{admin_recovery}} action as Admin and generate the password hash for your recovery_password
    2. Add the password hash: 'recovery_password' => 'add hash here',
  2. Don't forget to delete the _cache/config/config.php afterwards. (manually or via the admincache action)
  3. Call yourwiki/admin.php
  4. Enter your recovery password

1.1.1. Example

Add action {{admin_recovery}}
Screenshot: WackoWiki R5.5 configure Admin panel access step 1: via action {{admin_recovery}}

Create password hash
Screenshot: WackoWiki configure Admin panel access step 2: create password hash

Edit config/config.php
Screenshot: WackoWiki R6.1 configure Admin panel access step 3: edit config/config.php

Clear config cache with {{admincache}} action
action admincache

1.2. Modi

There are two Modi (config/constants.php)
  1. const RECOVERY_MODE					= 1;
    • to restore or repair the database, no database access is required, only a subset of modules are available
    • ensure that the database you provided in the config file is already created
  2. const RECOVERY_MODE					= 0;
    • you must already be logged in as member of the Admin group to access the Panel (default)

2. Login

  1. Login as Admin in the Wiki
  2. Call https://wiki.example.com/admin.php (without mode_rewrite /?page=admin.php)
  3. Enter the recovery password you've previously created.

attachment settings module
Review the Preferences sections to make sure that the default settings values are acceptable to you; change what is not appropriate for you.

One of the wisest security principles says that what is unused should be disabled. So the first questions is: Are you really going to use it? Do you need it to be enabled?

3. Protect your Admin panel

Follow this security policy to protect your site from hackers and security breaches.

  1. Choose a secure password
  2. Limit Login Attempts
  3. Require HTTPS/TLS for all pages with logins
  4. Don't use your Admin panel password for anything else
  5. Use a custom admin path
  6. Restrict admin access to only approved IP addresses

3.1. Admin Panel Lock

The site is temporarily unavailable due to system maintenance. Please try again later.

If your Admin panel gets locked reset config/lock_ap from 1 to 0.
The lock occurs when the password has been repeatedly entered incorrectly and is a measure to mitigate attempts to gain unauthorized access.


3.2. Site Lock

In addition, you may receive this message if you have locked your site and forgot to unlock it again in the Admin panel.
To unlock your site reset config/lock from 1 to 0.