ICT:Account protection
Overview
This document outlines the security profile of default system accounts and the hardened registration settings for this MediaWiki instance (v1.45).
Default System Accounts
Upon initialization, MediaWiki creates or reserves specific identities.
MediaWiki default
- Type: Virtual/System User.
- Password Protection: This account does not have a password and is blocked from web-based login.
- Function: It acts as a placeholder for automated interface updates and system-generated edits.
- Security Status: Safe; cannot be compromised via brute force.
Initial Admin (Sysop)
- Type: Human Administrator.
- Security: Protected by a salted hash password.
- Audit Path: Check rights via Special:UserRights or the Sysop List.
Applied Hardening (LocalSettings.php)
To prevent unauthorized account creation and "shadow" users, the following configurations are active:
Registration Lock
The following prevents the "Create Account" option from appearing to anonymous visitors:
$wgGroupPermissions['*']['createaccount'] = false;
Write Protection
To ensure data integrity and prevent spam, anonymous editing is disabled:
$wgGroupPermissions['*']['edit'] = false;
Successor Maintenance Notes
- Always verify the user list via Special:ListUsers after performing software updates.
- If a new system user appears after installing an extension, verify its status on the MediaWiki System User Manual.