I was thinking of making a Wiki site and I'm wondering, can people hack it or put a virus on it or something?

People can put some vicious HTML code in a Wiki article, but you can disable HTML.

Yes, its the same as with forums. Allow only wikicode, dont allow html.

In short you can catch a virus/worm/spyware from any website.

You just need to be careful

Disabled HTML as Boron and Mystic have said.
Yes, its the same as with forums. Allow only wikicode, dont allow html.

This will stop users from redirecting your traffic to other websites, bringing up downloads which appear to come from your website or worse post some malicious code.

Also be critical about attachments or user file uploads, these can obviously contain viruses which can spread to other users who download the file. Can you avoid user file uploads entirely?

Also ensure that your file permissions are set correctly.

I hope that helps.


Arthur :)

Mm.. I don't think they need to upload any files. Oh wait, they do need to upload html links tho. Is that bad? It's a sweepstakes wiki. I started to make the site then realized it would be too time consuming to add 5,000 sweepstakes and do my other projects too, so I thought I'd try a wiki.

You do get something like BB or VB code in wiki? I am not to familiar with it.

If you do then you could offer links, bold formatting etc but still not allow HTML to be posted.

I caught Chicken Pox from the Wiki before, ouch.

Yes. Wiki has its own code, and its a lot more complicated than vbcode. Just go to en.wikipedia.org and click on edit to test it out (dont save the changed though, unless they are productive one).
You need to let users upload images.

If it allows user input, people can possibly find an exploit for it, so yes anything can get a virus pretty much.

If it allows user input, people can possibly find an exploit for it, so yes anything can get a virus pretty much.
Well, if they hack it by attacking php or mysql, its totally different.
But, I dont think they can put mailcious code into it, as I said, only a selected number of codes which are basically related to formatting of the content is allowed. No html, or scripts are allowed.

Yes. Wiki has its own code, and its a lot more complicated than vbcode.

Sounds good thanks for clarifying that :).

Be sure to disable javascript or your site might be flagged by google as being unsafe.