I propose this as a study item.

In simplest implementation would be to run a Tor node on one of our VM's to use it as the hidden site access gateway.
Yes, I grant it it sounds dangerous but there are ways to isolate the traffic and keep the node contained. Access to TMO (and wiki I suppose) would only be allowed either read-only or authenticated from that node.
It could even be set up as a request-only use; an user wanting to have Tor access to our sites would need to be pre-authenticated by staff to do that.