WordPress MediaWiki integration

On the other end of the spectrum, I would be happy if I could install a wiki and share the login credentials between WordPress and the wiki. I hacked MediaWiki a while ago to share logins with another site (in ASP Classic) via session cookies, and it was a pain to do and even worse to maintain. Ideally, I would like to find a plug-in or someone who knows a more elegant solution.

Related posts

Leave a Reply

6 comments

  1. My company uses WordPress and MediaWiki internally and we use HTTP_AUTH access control to create a “single sign on”. As we add more applications, we simply integrate them into the HTTP_AUTH system where practical. For security, you can run HTTP_AUTH over SSL. The basic steps are:

    Configure the .htaccess to specify the authentication type. We use MySQL in production but you could have a simple htpasswd file.

    In the WordPress directory’s .htaccess file add the following:

      <Files wp-login.php>
        AuthType Basic
        AuthName "Restricted Access"
        AuthUserFile /some/path/to/htpasswd
        Require valid-user
      </Files>
    

    In the WordPress wp-admin/ directory’s .htaccess add the following:

      AuthType Basic
      AuthName "Restricted Access"
      AuthUserFile /some/path/to/htpasswd
      Require valid-user
    

    In the MediaWiki directory’s .htaccess file add the following:

      AuthType Basic
      AuthName "Restricted Access"
      AuthUserFile /some/path/to/htpasswd
    

    Then install the HttpAuth extension for MediaWiki and the HTTP Authentication plugin for WordPress and configure. We had to make some slight modifications to the MediaWiki extension as our hosting environment does not provide mod_php but if you have mod_php it will work out of the box.

    Note that our environment is a private intranet so everyone is authenticated. The above .htaccess files will work for publicly viewable blogs but some additional tweaking may be required for the MediaWiki .htaccess depending on whether you want everyone to be required to be authenticated or not and if the site is publicly available.