diff --git a/actions/mediawiki b/actions/mediawiki
index 09afa60e8..84ae9e472 100755
--- a/actions/mediawiki
+++ b/actions/mediawiki
@@ -73,6 +73,7 @@ def subcommand_setup(_):
     subprocess.run(['chmod', '-R', 'o-rwx', data_dir], check=True)
     subprocess.run(['chown', '-R', 'www-data:www-data', data_dir], check=True)
     include_custom_config()
+    _fix_non_private_mode()
 
 
 def include_custom_config():
@@ -102,6 +103,21 @@ def include_custom_config():
         conf_file.writelines(lines)
 
 
+def _fix_non_private_mode():
+    """Drop the line that allows editing by anonymous users.
+
+    Remove this fix after the release of Debian 11.
+
+    """
+    with open(CONF_FILE, 'r') as conf_file:
+        lines = conf_file.readlines()
+
+    with open(CONF_FILE, 'w') as conf_file:
+        for line in lines:
+            if not line.startswith("$wgGroupPermissions['*']['edit']"):
+                conf_file.write(line)
+
+
 def subcommand_change_password(arguments):
     """Change the password for a given user"""
     new_password = ''.join(sys.stdin)
@@ -154,34 +170,26 @@ def subcommand_private_mode(arguments):
     with open(CONF_FILE, 'r') as conf_file:
         lines = conf_file.readlines()
 
-    def is_edit_line(line):
-        return line.startswith("$wgGroupPermissions['*']['edit']")
-
     def is_read_line(line):
         return line.startswith("$wgGroupPermissions['*']['read']")
 
-    edit_conf_lines = list(filter(is_edit_line, lines))
     read_conf_lines = list(filter(is_read_line, lines))
     if arguments.command == 'status':
-        if edit_conf_lines and read_conf_lines:
-            print('enabled' if ('false' in read_conf_lines[0]) and (
-                'false' in edit_conf_lines[0]) else 'disabled')
+        if read_conf_lines and 'false' in read_conf_lines[0]:
+            print('enabled')
         else:
             print('disabled')
     else:
         with open(CONF_FILE, 'w') as conf_file:
             conf_value = 'false;' if arguments.command == 'enable' else 'true;'
             for line in lines:
-                if is_edit_line(line) or is_read_line(line):
+                if is_read_line(line):
                     words = line.split()
                     words[-1] = conf_value
                     conf_file.write(" ".join(words) + '\n')
                 else:
                     conf_file.write(line)
 
-            if not edit_conf_lines:
-                conf_file.write("$wgGroupPermissions['*']['edit'] = " +
-                                conf_value + '\n')
             if not read_conf_lines:
                 conf_file.write("$wgGroupPermissions['*']['read'] = " +
                                 conf_value + '\n')
diff --git a/plinth/modules/mediawiki/__init__.py b/plinth/modules/mediawiki/__init__.py
index 0c95ad9cf..e8a057f9e 100644
--- a/plinth/modules/mediawiki/__init__.py
+++ b/plinth/modules/mediawiki/__init__.py
@@ -16,7 +16,7 @@ from plinth.modules.firewall.components import Firewall
 
 from .manifest import backup, clients  # noqa, pylint: disable=unused-import
 
-version = 7
+version = 8
 
 managed_packages = ['mediawiki', 'imagemagick', 'php-sqlite3']