Security Guidelines

From GeeklogWiki
Revision as of 15:51, 14 June 2009 by Dirk (talk | contribs) (link to Clickjacking Protection)


Recommendations to secure your Geeklog site.

After Installation

Please follow the recommendations outlined in the installation instructions and contained in the reminders that are built into Geeklog:

  • Change the default password of the Admin account!
  • Remove the installation script. Once you have successfully installed or upgraded Geeklog, you will no longer need it.
  • Change the permissions for the db-config.php and siteconfig.php files so that they are no longer writable.
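The two filesystem items in this checklist (leftover installation script, writable configuration files) can be verified with a short script; the default Admin password has to be checked by hand. This is an added example, not part of Geeklog. The function names and the directory layout (db-config.php in the Geeklog directory, siteconfig.php in the web root, installer under admin/install) are assumptions you should adjust to your site.

```shell
#!/bin/sh
# Added example: audit the filesystem items of the post-install checklist.
# Assumed layout (not stated on this page): db-config.php in the Geeklog
# directory, siteconfig.php in the web root, installer in admin/install.
# Usage: . ./audit.sh; audit_geeklog /path/to/geeklog /path/to/public_html

# Print the path if any write bit (owner, group or other) is set.
# Mode bits are inspected instead of "test -w", which is always true for root.
writable_bits() {
    find "$1" -type f \( -perm -200 -o -perm -020 -o -perm -002 \) 2>/dev/null
}

# audit_geeklog GEEKLOG_DIR WEB_ROOT [INSTALL_SUBDIR]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_geeklog() {
    gl_dir=$1
    web_root=$2
    install_dir=$web_root/${3:-admin/install}
    findings=0

    for f in "$gl_dir/db-config.php" "$web_root/siteconfig.php"; do
        if [ ! -f "$f" ]; then
            echo "NOTFOUND $f (check the paths passed in)"
            findings=$((findings + 1))
        elif [ -n "$(writable_bits "$f")" ]; then
            echo "WRITABLE $f (fix: chmod a-w)"
            findings=$((findings + 1))
        fi
    done

    # The installer is not needed after a successful install or upgrade.
    if [ -e "$install_dir" ]; then
        echo "INSTALLER $install_dir still present (remove it)"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Run it after every upgrade as well, since an upgrade puts the installation script back in place.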


Configuration Options


Daily Use

  • Consider using an account that has only the permissions that you actually need. For example, you may be spending most of your time on the site writing articles. For that, you do not need to be in the User Admin group.


Staying up to date

We recommend that you subscribe to the (low traffic) geeklog-announce mailing list to be informed about new Geeklog releases and security issues. You can also subscribe to the RSS feed of the Security topic on the Geeklog homepage.


(to be continued)