From mediawiki.org
Jump to navigation Jump to search
MediaWiki extensions manual
OOjs UI icon advanced.svg
Release status: unmaintained
Implementation User rights , Page action
Description This allows page protection using password
Author(s) Piotr Stawiński (PSttalk)
Latest version 0.01 (2009-02-10)
MediaWiki 1.13
MediaWiki 1.36 Not formally tested
MediaWiki 1.34 Not formally tested
MediaWiki 1.32 Not formally tested
License No license specified
Download download

Check usage and version matrix.

What can this extension do?[edit]

This is a pretty simple implementation of per page protection. It allows to protect each page with separate password from reading and editing. It uses userCan hook with all its advantages and disadvantages.


This is very experimental version! Do not use it to protect critical data.

On my wiki I've created special namespace:

define("NS_PROTECT", 100);
define("NS_PROTECT_TALK", 101);
$wgExtraNamespaces[NS_PROTECT] = "Protect";
$wgExtraNamespaces[NS_PROTECT_TALK] = "Protect_talk";
$wgProtectedPagesNamespaces = array(NS_PROTECT, NS_PROTECT_TALK);

that is protected. However, You can protect whichever namespace You like. Protected articles displays new personalUrl "protect". After creating page You should click protect (in personal url), then You'd be redirected to set up the page password. After doing this anyone wanting to see/edit this page have to unlock it using password.

Sysops can see every page as it was not protected. Protected pages are visible only for logged users.


To install this extension, download all files to extensions/PasswordProtectPages and add the following to LocalSettings.php :

$wgProtectedPagesNamespaces = array(NS_PROTECT, NS_PROTECT_TALK); # or: NS_MAIN etc.

You also have to create new table to store passwords: execute this code to your database (add in front of protect_pages your prefix):

CREATE TABLE `protect_pages` (
  `pageid` int(3) NOT NULL,
  `password` blob NOT NULL


This is per page protection with all it's consequencies. I would recommend setting: $wgFeed = false; for better protection.

Protected pages are still searchable! But their source is hopefully not displayed, so this lack of security is not critical.

I'm gonna test this extension intensively next days.