Manual:List of MediaWiki configuration settings containing sensitive data
 | This page is outdated. |
The following incomplete list of configuration settings should generally not be kept in LocalSettings.php because they can be served as plain text under several different conditions revealing your wiki admin account to the world. For information on securing them better, see Manual:Securing database passwords. Some of these settings are from the MediaWiki core and others are from MediaWiki extensions.
Alphabetical list, sorted first by location[edit]
| Setting | Location | Description |
|---|---|---|
| $wgDBadminpassword | Core | Database administrative password |
| $wgDBadminuser | Core | Database administrative username |
| $wgDBname | Core | Database name |
| $wgDBpassword | Core | Database password |
| $wgDBserver | Core | Database host name or ip address |
| $wgDBuser | Core | Database username |
| $wgSecretKey | Core | Used to increase cryptographic entropy when generating user_token |
| $wgSMTP | Core | Contains password for SMTP access |
| $wgUpgradeKey | Core | Password protecting the upgrade script |
| $wgReCaptchaPrivateKey | Extension:ConfirmEdit | Private key for access to the ReCaptcha site |
| $wgSecureHTMLSecrets | Extension:Secure HTML | Secret key strings to allow arbitrary HTML to be displayed |