Restrict account creation
To restrict account creation, you need to edit LocalSettings.php in the root path of your MediaWiki installation.
# Prevent new user registrations except by sysops $wgGroupPermissions['*']['createaccount'] = false;
Note Note: You can use the ConfirmAccount extension if you want to set up an account confirmation queue. (If not you may still proceed as follows.)
Note Note: New users will still be able to be created by sysops, in the following manner:
Go to [[Special:Userlogin]], when logged in as a sysop.
Click on “Create an account” link to get to the account creation form.
Enter a username and an email address, and click the “by email” button. Note you need $wgEnableEmail=true or else the sysop must pick a password and send it to the user.
The account will be created with a random password which is then emailed to the given address (as with the “forgot password” feature). The user will be requested to change password at first login; when he does this, his e-mail address will also be marked as confirmed.
When you click the “create account” button instead, you have to manually send the user his password. If you’ve set $wgMinimalPasswordLength=0 (default configuration up to version 1.15) and you’ve left the password field blank, the user will be emailed an e-mail address confirmation request but will be unable to access Special:Confirmemail to perform the confirmation. Instead, he’ll get an error (unless you’ve added it to $wgWhitelistRead); he’ll be able to login with a blank password and then confirm email, but his password will not have been reset (he’ll have to reset it manually).
It may be appropriate to edit the text displayed when a non-user attempts to log in. This can be done at [[MediaWiki:Nosuchuser]], when logged in as a sysop. Use plain text without any special formatting, as the formatting is ignored and the text is literally rendered.
Restrict editing of all pages
Users will still be able to read pages with these modifications, and they can view the source by using Special:Export/Article name or other methods (see also bug 1859).
See Help:User rights and Manual:$wgGroupPermissions. Some examples of how to protect all pages from editing (not reading) by certain classes of users:
Restrict anonymous editing
$wgGroupPermissions['*']['edit'] = false;
Note: You may then also want to hide user tools for anonymous (IP) visitors: $wgShowIPinHeader = false;
Restrict editing by all non-sysop users
$wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['user']['edit'] = false; $wgGroupPermissions['sysop']['edit'] = true;
Restrict editing by absolutely everyone
$wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['user']['edit'] = false; $wgGroupPermissions['sysop']['edit'] = false;