Tiki Wiki CMS Groupware Security HeadQuarter

To allow us time to patch the system, please report the vulnerability using the bug tracking system (you need to log in) using the category "security" but without detailing the vulnerability so it cannot be exploited AND please contact the security squad with full details and we'll deal with your input.

For more information: Full Disclosure Policy (RFPolicy) v2.0


New Tiki releases are announced in many places.

• Subscribe to the Tiki News Releases.
• Follow @tikiwiki on Twitter.
• Subscribe to the Tiki project information on Freecode (previously known as Freshmeat)
• Subscribe to the Tiki project information on SourceForge.net.

1. Keep your Tiki up to date. This is often overlooked! You may want to use one of the auto-installers.
2. Check your server configuration with a script like phpsecinfo
3. Check your server & installation using: doc.tiki.org/security+admin
4. Have your server professionally installed and kept up to date (PHP, Apache, Linux, etc.)
5. Use strong passwords and set a password policy
6. Only activate the features you need. Each feature is a potential security vulnerability. If the feature is turned off, it can't be used.
7. If you are using permissions to restrict certain parts of the site, make sure to test. It's an advanced feature and it can be misconfigured.
8. Setup and test a backup procedure

Work in ongoing on the Tiki Remote Instance Manager. This is very useful to manage large numbers of Tiki instances.

• 8.x
• 7.x
• 6.x
• 5.x
• 4.x
• 3.x
• 2.x
• 1.x

8.x

7.x

6.x

5.x

4.x

3.x

2.x

1.x