Wiki.js is a Node.js wiki and CMS with authentication integrations and markdown rendering. Security posture depends on auth strategy, editor permissions, and plugin config secrets.
1) Protect secrets and administrative access
- enforce SSO and OIDC with MFA and disable unused local auth methods
- set strong JWT and session secrets and protect database credentials
2) Control extensions and update cadence
- apply granular page and editor permissions and deny anonymous writes
- review markdown and extensions for script injection paths
3) Harden runtime and deployment perimeter
- enforce HTTPS and reverse-proxy rate limits for auth endpoints
- patch Wiki.js and Node runtime and scan dependency tree
- Wiki.js docs: https://docs.requarks.io/
- Wiki.js source: https://github.com/Requarks/wiki
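
An added example (not from the original page or the Wiki.js project) for the reverse-proxy item in section 3: an nginx front end that redirects HTTP to HTTPS and rate-limits the login paths per client IP. The hostname, certificate paths, upstream address `127.0.0.1:3000`, the `/login` and `/graphql` paths, and all rate values are assumptions to adapt to your deployment.

```nginx
# Added example: place inside the http {} context. All names and values are assumptions.

# Per-client-IP buckets: tight for the login page, looser for the API.
limit_req_zone $binary_remote_addr zone=wiki_login:10m rate=5r/m;
limit_req_zone $binary_remote_addr zone=wiki_api:10m   rate=10r/s;
limit_req_status 429;    # answer throttled clients with 429 instead of the default 503

server {
    listen 80;
    server_name wiki.example.com;            # placeholder hostname
    return 301 https://$host$request_uri;    # no plaintext access to the wiki
}

server {
    listen 443 ssl;
    server_name wiki.example.com;

    ssl_certificate     /etc/ssl/example/wiki.fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/example/wiki.key.pem;         # placeholder path
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Headers shared by every location below (none of them overrides these).
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    # Assumed: login page and strategy callbacks live under /login.
    location /login {
        limit_req zone=wiki_login burst=5 nodelay;
        proxy_pass http://127.0.0.1:3000;    # assumed: Wiki.js bound to loopback only
    }
    # Assumed: the login form submits credentials through the GraphQL API.
    location /graphql {
        limit_req zone=wiki_api burst=20 nodelay;
        proxy_pass http://127.0.0.1:3000;
    }
    location / {
        proxy_pass http://127.0.0.1:3000;
    }
}
```

Because limits are keyed on `$binary_remote_addr`, users behind a shared NAT address count as one client, so size the rates against real traffic before enforcing them.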