by default there is no admin/login screen… until you run install.php

here is the complete setup documentation… have fun.

  1. ssh into your server
  2. create subdirectory: mkdir /web/root/dokuwiki
  3. wget; # download
  4. tar fxv dokuwiki-c5525093cf2c4f47e2e5d2439fe13964.tgz; # unpack
    1. depending on your rights management:
      1. chown -R webserveruser:webserveruser /web/root/dokuwiki;
      2. chmod -R o+r /web/root/dokuwiki;
      3. chmod -R 0755 *
  5. now dokuwiki would be ready to go (if you do not need login/admin/access restrictions = public wiki = bad idea, will be hijacked by bots pretty soon)
  6. start webbrowser, go to (preferably via SSL)

  1. specify username for superuser and password.
  2. now you have a login link on the top right corner:
  3. click on that „log in“ link
  4. the world is an ugly place: tightening security:
    1. rename install.php to whatever.ph_
    2. test if you can access this file:
    3. if yes:
      • DokuWiki stores configuration and page data in files.
      • These files should never be accessible directly from the web.
      • The distribution tarball contains a set of .htaccess files which usually tell the Apache web server to deny access to certain directories.

If you don’t use the Apache web server, or your Apache does not use .htaccess files, you need to manually secure your installation.

The following directories should not be accessible from the web:

  • data
  • conf
  • bin
  • inc (isn’t dangerous when accessible, though)

To check if you need to adjust the access permissions try to access You should not get access to that file this way.
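
A quick local check for the two hardening steps above, as an added example that is not part of the original post: it confirms install.php is gone and that each of the listed directories carries a .htaccess with an active deny-all rule. The function names and the rule patterns it looks for (Apache 2.4 "Require all denied", Apache 2.2 "Deny from all") are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): local check of a DokuWiki tree.
# Usage: audit_dokuwiki /web/root/dokuwiki

# Directories the post lists as "should not be accessible from the web".
PROTECTED_DIRS="data conf bin inc"

# True if FILE has an active Apache deny-all rule (2.4 or 2.2 syntax).
# Anchoring at line start skips rules that are commented out with '#'.
has_deny_rule() {
    grep -Eiq '^[[:space:]]*(Require[[:space:]]+all[[:space:]]+denied|Deny[[:space:]]+from[[:space:]]+all)' "$1"
}

# Prints one finding per line. Returns 0 = clean, 1 = findings, 2 = bad root.
audit_dokuwiki() {
    root="$1"
    failed=0
    if [ ! -d "$root" ]; then
        echo "ERROR: '$root' is not a directory"
        return 2
    fi
    # The installer must be renamed or removed once the superuser exists.
    if [ -e "$root/install.php" ]; then
        echo "FAIL: install.php is still present"
        failed=1
    else
        echo "OK:   install.php is gone"
    fi
    for dir in $PROTECTED_DIRS; do
        ht="$root/$dir/.htaccess"
        if [ -f "$ht" ] && has_deny_rule "$ht"; then
            echo "OK:   $dir/.htaccess has a deny-all rule"
        elif [ "$dir" = inc ]; then
            # The post notes inc is not dangerous when accessible: warn only.
            echo "WARN: inc/ has no deny-all .htaccess"
        else
            echo "FAIL: $dir/ has no deny-all .htaccess"
            failed=1
        fi
    done
    return "$failed"
}
```

A clean result only says the files are in place on disk; whether Apache actually honours them still needs the browser test described above.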

let’s continue: plugins and extensions

  1. disable all unnecessary extensions:
  2. in general: you should always run as little software on your servers as possible – minimizing attack surface.

make the wiki private: login only

chances are pretty good sooner or later a bot discovers your public wiki and will overwrite your content with links to (just to push the google ranking or whatever)

what you want bots to see is this: a login screen…

click on admin or log in in the top right corner… go to user manager.

add a new user:

go back to admin dashboard and click on „Access Control List Manager“.

There are 7 permission levels represented by an integer. Higher levels include lower ones. If you can edit you can read, too. However the admin permission of 255 can not be used in the


file. It is only used internally by matching against the superuser option.

Reporting Security Issues

If you encounter an issue with a plugin, please inform the author of the plugin via email, optionally putting Andi or the mailing list on CC.