2

I used to use xampp for self hosting a private wiki, but found the hassle of having to start the server, then stop the server really tiring. My next option has been to host a DokuWiki installation on a webhost plan at http://www.siteground.com/

I have set the wiki to private and it does not allow for any users to register. So my question is how secure is this? Here are my questions:

  • At the moment if it got hacked I would not worry too much, but do plan on using it for more personal information at some point (information for ongoing projects that must remain private)
  • Can any 13 year old script kiddie bypass the .htaccess security? How advanced must my attacker be to download all the files?
  • Would you personally trust the web hosting company? Or is it common to have nosy staff members?
  • I was using Evernote but much prefer the layout and control of DokuWiki, is Evernote probably much more secure than a self hosted DokuWiki on siteground's servers?

I like hosting in at my domain because I can access it from anywhere, but the security worries me. If Adobe can be hacked then I can be too, I just want to know how easy is it to bypass Apache server security?

  • What is the weakest link?

Also, if I make the entry url to the wiki a string that has no link is it more secure (So host the wiki at www.mydomain.com/4jfalkh483f849283fh7fh3082hf37/doku.php

If I know that url and bookmark it, but don't have any hyper links to the secret URL does this increase my security at all?

Joseph
  • 867

1 Answers1

1

Your site is as secure as the weakest link in the chain. How secure is http://www.siteground.com/ in the first place? A 13 year old script kiddie can bypass the .htaccess of a sufficiently outdated apache. You need to ask the question: how carefully do they maintain their systems? Do they comply with the highest security standards? I couldn't find anything about this on their website, so you'll have to ask them.

It's not all about up-to-date systems. Configuration is important too. A poorly designed .htaccess could be the weakest link as well (thinking about basic vs. digest authentication). See How secure is .htaccess protected pages.

I can't say anything about siteground specifically, but in general, you need to remember that admins are humans. Ultimately you'll have to make the decision yourself: do you trust anyone? How bad is it if your data gets out? Is it threatening Mankind? Your life? Or is it just going to be annoying? There is no single answer here, you'll have to build your own.

Community
  • 1
Calimo
  • 1,465