Hi guys -- New user here and I'm really enjoying testing DokuWIki, and this forum has already been very helpful, thank you! Bravo to the devs and contributors over the years for their commitment and outstanding work! Super excited to use DokuWiki!
I was wondering, after looking through changelogs and the history and also the warnings, for example: https://www.dokuwiki.org/security#plugin_security -- and things like "WARNING: DokuWiki's ACL feature has been included for some time and should be pretty stable. However, if you are concerned about the risk of unauthorized users accessing information in your wiki, you should never put it on a computer accessible from the Internet" on this page ( https://www.dokuwiki.org/acl ), I'm wondering how rock solid secure you guys feel DokuWiki is?
I'll probably keep my wikis behind a firewall for LAN access only, but I'd like to put at least one on the Internet too, so I want to be realistic about how secure it is.
On first impression in my research, it looks solid indeed, and it seems to have a good track record over the years, but what has your personal experience been? Anything I should be worried about? As long as I follow good ACL policy (I'm using the default ACL feature), and the recommended DokuWiki .htaccess guidelines for Apache, and keep my Ubuntu server patched?
Any extra tips to make sure it is locked down?
The plugin security warning kind of concerns me since I don't have the time or enough experience to audit every plugin, but I definitely want to use several of these great looking plugins... do you have any comments/concerns about them? Which ones do you feel are the safest, most solid, and most secure plugins?
Any specific concerns about the ones below?
I DEFINITELY want to use:
MAYBE I will use these:
Thanks for any insights you can share. DokuWiki has really impressed me, and I'm looking forward to putting it into production!