Admin Panel

1. Configuration

1.1. Create a Recovery-Password

  1. to login define the recovery_password in the config/config.php file first
    1. Call the {{admin_recovery}} action as Admin and generate the password hash for your recovery_password
    2. Add the password hash: 'recovery_password' => 'add hash here',
  2. Don't forget to delete the _cache/config/config.php afterwards. (manually or via the admincache action)
  3. Call yourwiki/admin.php
  4. Enter your recovery password

1.1.1. Example

Add action {{admin_recovery}}
Screenshot: WackoWiki R5.5 configure Admin panel access step 1: via action {{admin_recovery}}

Create password hash
Screenshot: WackoWiki configure Admin panel access step 2: create password hash

Edit config/config.php
Screenshot: WackoWiki R6.1 configure Admin panel access step 3: edit config/config.php

Clear config cache with {{admincache}} action
action admincache

1.2. Modi

There are two Modi (config/constants.php)
  1. const RECOVERY_MODE					= 1;
    • to restore or repair the database, no database access is required, only a subset of modules are available
    • ensure that the database you provided in the config file is already created
  2. const RECOVERY_MODE					= 0;
    • you must already be logged in as member of the Admin group to access the Panel (default)

2. Login

  1. Login as Admin in the Wiki
  2. Call (without mode_rewrite /?page=admin.php)
  3. Enter the recovery password you've previously created.

attachment settings module
Review the Preferences sections to make sure that the default settings values are acceptable to you; change what is not appropriate for you.

One of the wisest security principles says that what is unused should be disabled. So the first questions is: Are you really going to use it? Do you need it to be enabled?

3. Protect your Admin panel

Follow this security policy to protect your site from hackers and security breaches.

  1. Choose a secure password
  2. Limit Login Attempts
  3. Require HTTPS/TLS for all pages with logins
  4. Don't use your Admin panel password for anything else
  5. Use a custom admin path
  6. Restrict admin access to only approved IP addresses

3.1. Admin Panel Lock

The site is temporarily unavailable due to system maintenance. Please try again later.

If your Admin panel gets locked reset config/lock_ap from 1 to 0.
The lock occurs when the password has been repeatedly entered incorrectly and is a measure to mitigate attempts to gain unauthorized access.



3.2. Site Lock

In addition, you may receive this message if you have locked your site and forgot to unlock it again in the Admin panel.
To unlock your site reset config/lock from 1 to 0.




  1. Admin Panel Lock Issues

    State 1: The recovery_password in config.php is empty.

    The administrative password is not specified!
    Note: The absence of an administrative password is threat to security!
    Enter your password in the configuration file and run the program again.

    (a) generate the recovery_password with the {{admin_recovery}} action as Admin
    and set it in config.php


    (b) purge the old config cache via the {{admincache}} action

    State 2: Admin Panel login available

    Admin Panel login screen

    State 3: The Admin Panel Lock is active.

    The site is temporarily unavailable due to system maintenance. Please try
    again later.

    cause 1:
    The Admin Panel Lock is active.

    Wrong password threshold reached

    reset config/lock_ap from 1 to 0

    cause 2.1 -> the entered generated password didn’t match

    cause 2.2 -> typo or wrong hash

    regenerate password hash and compare or reset the current one in config.php

    cause 3 -> _cache/config/config.php holds the old value

    purge the old config cache via the {{admincache}} action
    • WikiAdmin
    • 27.10.2019 18:53 edited