Manual:List of MediaWiki configuration settings containing sensitive data

From Linux Web Expert

The following incomplete list of configuration settings should generally not be kept in LocalSettings.php because they can be served as plain text under several different conditions revealing your wiki admin account to the world. For information on securing them better, see Manual:Securing database passwords . Some of these settings are from the MediaWiki core and others are from MediaWiki extensions.

Alphabetical list, sorted first by location

Setting Location Description
$wgDBadminpassword Core Database administrative password
$wgDBadminuser Core Database administrative username
$wgDBname Core Database name
$wgDBpassword Core Database password
$wgDBserver Core Database host name or ip address
$wgDBuser Core Database username
$wgSecretKey Core Used to increase cryptographic entropy when generating user_token
$wgSMTP Core Contains password for SMTP access
$wgUpgradeKey Core Password protecting the upgrade script
$wgReCaptchaPrivateKey Extension:ConfirmEdit Private key for access to the ReCaptcha site
$wgSecureHTMLSecrets Extension:Secure HTML Secret key strings to allow arbitrary HTML to be displayed

See also