After configuring and running a web-server with apache2, PHP installation and MySQL setup + a MediaWiki installation etc. blah I now run into some problems/security questions.
1.) Block access/display to/of critical files
If I run a text-editor to edit a settings file .php, the editor (I use jed) always creates a backup named filename.php~
this backup is READABLE! by everybody who types that URL in their browser. that is f.e. the file localhost/mediawiki/LocalSettings.php~
Well I don't have to tell you, what plain stuff there could be read!
How can I get rid of this? Don't tell me the texteditor settings have to change. I mean access rights to those .php~ .html~
2.) Limit access in general
How can I set only very few valid entrypoints, and every other access is forbidden? I don't want ppl to go on f.e. localhost/mediawiki/maintenance/purge.php
... even if it does nothing, I don't want it! How to set?
3.) Display correct URL in browser?
The entry point is localhost/mediawiki/index.php
. index.php is always shown, how can I turn this off? It looks noobish... No greater wiki site I know has this displayed. Even further URLs display the index.php, f.e. localhost/mediawiki/index.php/Coding
4.) How to setup SSL (https://) capability? If of any use?
Thx in advance!