Aus Free Software
Version vom 14. November 2014, 20:07 Uhr von Mati (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springen Zur Suche springen

Deprecated Extension!

This extension is deprecated and no longer maintained by the developer. It may no longer work for current versions of MediaWiki and Bugs are no longer fixed. Please see the Deprecated section for more information.

Manual on MediaWiki Extensions
List of MediaWiki Extensions
Crystal Clear action run.png

Release status: stable

Implementation other (invalid type)
Description Allows you to configure your Wiki to use https for confidential pages.
Author(s) Mati talk
Version 1.0 (2009-08-06)
MediaWiki 1.16 or later
License GPL v3 or any later version.
Download SourceCode in GIT
Parameters wgSecurePages
Example Try to login into this wiki.

Confidential Information, most commonly passwords, should never be transmitted through a plain HTTP connection since an eavesdropper can easily intercept that information. Using HTTPS is a solution but adds an additional load to your servers (for the encryption) so you don't want to use https if you are on "normal" pages. This extension solves just that problem: It redirects the user to HTTPS on just some pages while redirecting to HTTP on any other page.


The source code of this extension was hosted on, a project no longer maintained. Since this extension was so old, the git repository was not transfered to any other repository and the source code is no longer available.

Installation & Configuration

Warning: This extension does not work out of the box with MediaWikis older than 1.16. See MediaWiki 1.15.1 and older.

Before you go forward with installing this extension, you should make sure that your wiki is working fine with both HTTP and HTTPS. Otherwise, results may be unpredictable.

Other than that, the installation is straight forward:

  • Download the sourcecode into your extensions/ directory
  • Modify LocalSettings.php:
        require_once ( "$IP/extensions/SecurePages/SecurePages.php" );
        $wgSecurePages = array(
                -1 => array( 'UserLogin', 'Preferences', 'ChangePassword'),

$wgSecurePages configures which pages should be available only through https. The key of the array is the ID of the namespace, each listing a single page that might send confidential information. The above example classifies the Special:UserLogin, Special:Preferences and Special:ChangePassword as such pages.

It may also be necessary to set $wgCookieSecure to false in LocalSettings.php, otherwise the session cookie set by the https login may be inaccessible to the normal http browsing session.

MediaWiki 1.15.1 and older

This extension requires the BeforeInitialize Hook, which was added in r54318 of MediaWiki. MediaWiki versions 1.15.1 or older require that you manually add the Hook yourself. This is simple enough though: Simply add this line

wfRunHooks( 'BeforeInitialize', array( &$title, &$article, &$output, &$user, $request, $this ) );

to the initialize function in includes/Wiki.php. I personally tested this with MediaWiki 1.13 and 1.15.1, but it should also work on older versions.


1.0 (rev. 327)
  • first version documented here.
  • Note that this extension uses almost the same code as Extension:HttpsLogin and is its direct successor.


GPL v3 or any later version.

A lot of the sourcecode of this extension originally comes from here.