Table of contents
On tiki-admin_security.php, you can check for less secure server or TikiWiki settings.
It is normal that local.php be modified. If you check the file:
It is also normal that tiki-install.php be modified (as you probably clicked to de-activate it). All other modified files should have been by you.
Please note that if you update your site via SVN, it’s normal that some files are reported because the secDB database is typically only updated at release time.
On more recent versions of Tiki, it’s also normal that language files are flagged because they are compressed after the security check is done. This is solved starting in Tiki 9.2
Also, starting in Tiki 9.2, Tiki not only checks .php files but also .tpl, .css, .sql and .js
See: Robots Exclusion Protocol and Meta Tags
See ModSecurity for more information.
Alias names for this pageSecDB | SecurityAdmin | Security