How to prevent users from viewing pages in MediaWiki
By default, all users can view the pages on your site. To restrict users from viewing the content on your MediaWiki site, you have to change the permissions of user groups. For example, you can prevent unregistered users from viewing pages and you can allow only registered users to view pages. This is usually done when creating a private wiki site and it's typically combined with restricting the editing of pages for certain groups (e.g. anonymous users), preventing users from creating accounts and allowing only a specific user group or groups (e.g. administrators) to create accounts for other users.
In this article we'll go over how to prevent users from viewing content. This is done per user group by changing the permissions of the user group that you don't want to be able to view content. Permissions of user groups are changed by modifying the LocalSettings.php file of your MediaWiki. You have to disable the read permission for the group. For example:
$wgGroupPermissions['*']['read'] = false;
will prevent unregistered users from viewing the pages on your site. Registered users have this right specifically added to their group so they will be able to view pages. Don't forget that users can belong to more than one group and if any of the groups to which the user belongs has the right to read pages, then the user will be allowed to view pages (even if for one of the groups to which the user belongs the right to read pages is disabled).
From the default groups that come prepackaged with MediaWiki the right to read pages is specifically enabled for the most general group to which all users belong, including unregistered users, and the group of the registered users. This means that, for instance, if in addition to disabling the viewing of pages for anonymous users by adding the above line, you also disable that for the group of the registered users, then administrators/sysops will not be able to view pages because the permission is not specifically added to the sysop user group (and sysops also belong to the group of the registered users). To specifically add the permission to a group use the same code but change the label for the user group and replace false with true (e.g. $wgGroupPermissions['sysop']['read'] = true;).
There are a few other important things to keep in mind:
- Pages can be whitelisted so that they can be accessed even when the user doesn't have the permission to view pages. This is very important, for instance, for registered users to be able to open the login page and log into their accounts. By default, the login page is whitelisted so it can be accessed anyway and you don't have to worry about that. The page for resetting the password of a user is also whitelisted by default. You can whitelist pages by adding some code at the end of the LocalSettings.php file of your MediaWiki. For example, if you add the following on a new line:
$wgWhitelistRead = array( "Main Page", "Example page" );
will whitelist the main page (i.e. the homepage of the site) and a page with the name Example page. You can list as many pages as you want. If the name consists of more than one word, separate them with a space as shown above. If a page belongs to any of the other namespaces than the main one, you should also add it to the name. You can check what it is in the URL of the page. For instance, Special:UserLogin is the login page (which belongs to the Special namespace).
- It's recommended that you combine the restriction for viewing pages with a restriction for editing pages and also for creating accounts. Otherwise, since the login page is accessible any visitor can create accounts and view the content. You can allow only a specific group to create accounts for other users.
- Restricting anonymous users (the user group labeled with * in the code) from accessing pages also means that these pages will not be indexed by search engines.
You may also find useful the articles on: