The battle against MediaWiki spam

Sadly, there is another problem with MediaWiki — SPAM. Wikis are a common target for spammers wishing to promote products or web sites due to their open editing nature. There are many different anti-spam plugins for MediaWiki, but this support article will cover configuring Google's reCAPTCHA, which comes bundled with MediaWiki as part of the ConfirmEdit extension.

According to MediaWiki.org, "The ConfirmEdit extension lets you use various different CAPTCHA techniques, to try to prevent spambots and other automated tools from editing your wiki, as well as to foil automated login attempts that try to guess passwords."

If you will be editing the file on the server over SSH, you first need to log into your shell account. To do this, you'll need a Secure Shell (SSH) client. You can read more about shell access on your hosting account here.

If you will instead be editing the file on your own computer and uploading it over FTP, you first need to log into your hosting account so that you can upload files. To do this, you'll need an FTP client. You can read more about FTP access on your hosting account here.

Getting your reCAPTCHA keys

You need to sign up for reCAPTCHA here and get a public and private key before you can use it. reCAPTCHA is now a part of Google which means that you can use an existing Google account if you already have one.

Once you have logged in to your existing / new Google account by following the link above, you'll be taken to a page with the title 'Create a reCAPTCHA key'. You need to enter the domain of the site that you'll be using. An example domain would be 'example.mythic-beasts.com'. You do not need to include the full path to your MediaWiki site, just the domain that it's part of. Alternatively, you can enable the key on all domains, but this is less secure. Once you are finished, click the 'Create Key' button. You should now see your reCAPTCHA account page with your Public and Private keys.

Enabling and Configuring reCAPTCHA

If you are using SSH: once you are logged into your hosting account, you need to change directory into your MediaWiki directory. For example: cd www/example.mythic-beasts.com/mediawiki. We now need to load and configure reCAPTCHA in the 'LocalSettings.php' file. We'll be using the nano editor to edit the file. Start nano using the command nano LocalSettings.php.

If you are using FTP: I'm going to assume that you are using the free FileZilla FTP client for this support article. Once you are logged in to your hosting account with FTP, your current location will be your home directory. Double-click on the www directory to change into the web directory. You should now be able to see a directory that corresponds to the address of your website. Double-click on that directory to change into the root web directory for your site. From here, navigate to the directory where you installed MediaWiki.

We now need to download the 'LocalSettings.php' file so that we can edit it to enable and configure reCAPTCHA. Right-click on the file and select the download option. The file will be downloaded to the directory that you are currently viewing in the file browser on the left-hand side.

If you are using Windows, then you'll need to download a text editor such as Notepad++ that supports Unix-style line endings. Notepad doesn't support these and won't be able to read the file properly.

If you are using a Mac, then the built-in TextEdit supports Unix-style line endings, so you can use this to edit the 'LocalSettings.php' file.

Once you have the file open in a text editor, use the arrows or Page Down key to scroll to the bottom of the file. The last couple of lines should look like this:

# End of automatically generated settings.
# Add more configuration options below.

Leave a blank line and then input the following:

// Enable ConfirmEdit extension
require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
// reCAPTCHA plugin configuration
require_once( "$IP/extensions/ConfirmEdit/ReCaptcha.php" );
$wgCaptchaClass = 'ReCaptcha';
// Sign up for these at https://www.google.com/recaptcha/admin/create
$wgReCaptchaPublicKey = '[your public key here]';
$wgReCaptchaPrivateKey = '[your private key here]';

Make sure you replace [your public key here] and [your private key here] with the respective keys, removing any blank space between the key and the quotation marks. It's worth mentioning that any changes to the 'LocalSettings.php' file can be lost after an upgrade, so make a note of the lines that you are adding in case you have to put them in again after an upgrade.

There are five "triggers" on which CAPTCHAs can be displayed:

  • 'edit' - triggered on every attempted page save
  • 'create' - triggered on page creation
  • 'addurl' - triggered on a page save that would add one or more URLs to the page
  • 'createaccount' - triggered on creation of a new account
  • 'badlogin' - triggered on the next login attempt after a failed one.

To change these values from their defaults, you would need to add

$wgCaptchaTriggers['[value]'] = true; // or false

replacing [value] with the name of the trigger, in quotation marks, that you would like to enable or disable a CAPTCHA for.

For example, if you would like to enable CAPTCHAs for the edit and create events, your LocalSettings.php ConfirmEdit configuration would look like this:

// Enable ConfirmEdit extension
require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
// reCAPTCHA plugin configuration
require_once( "$IP/extensions/ConfirmEdit/ReCaptcha.php" );
$wgCaptchaClass = 'ReCaptcha';
// Sign up for these at https://www.google.com/recaptcha/admin/create
$wgReCaptchaPublicKey = '[your public key here]';
$wgReCaptchaPrivateKey = '[your private key here]';
// Enable for create and edit
$wgCaptchaTriggers['edit'] = true;
$wgCaptchaTriggers['create'] = true;

If you are editing with nano: once you have done this, use the key combination Ctrl + o followed by Enter to save the changes. You can exit nano using the key combination Ctrl + x.

If you are working over FTP: once you have done this, save the changes to the 'LocalSettings.php' file. Right-click on 'LocalSettings.php' in the file browser on the left-hand side of FileZilla and choose the upload option. Make sure that the action is set to 'Overwrite' and click the 'OK' button.
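The lines added above can be checked mechanically after saving, and again after an upgrade in case they were lost. The script below is an added example, not part of the original article or of MediaWiki; the function name audit_confirmedit and the sample text are made up for illustration. It reports missing lines, keys left as placeholders or padded with blank space, and which triggers are explicitly set.

```python
import re, sys

# Added example: audit_confirmedit and SAMPLE are constructed for illustration.
SAMPLE = '''# End of automatically generated settings.
// Enable ConfirmEdit extension
require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
require_once("$IP/extensions/ConfirmEdit/ReCaptcha.php");
$wgCaptchaClass = 'ReCaptcha';
$wgReCaptchaPublicKey = '[your public key here]';
$wgReCaptchaPrivateKey = ' constructed-private-key ';
$wgCaptchaTriggers['edit'] = true;
// $wgCaptchaTriggers['create'] = true;
'''

TRIGGERS = ("edit", "create", "addurl", "createaccount", "badlogin")

def audit_confirmedit(text):
    """Return (problems, triggers) for the ConfirmEdit lines in LocalSettings.php text."""
    # Ignore whole-line comments so a commented-out setting does not count as set.
    code = "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith(("#", "//")))
    problems = []
    for php in ("ConfirmEdit.php", "ReCaptcha.php"):
        pat = r'require_once\s*\(\s*"\$IP/extensions/ConfirmEdit/' + re.escape(php) + r'"\s*\)'
        if not re.search(pat, code):
            problems.append("missing require_once for " + php)
    if not re.search(r"\$wgCaptchaClass\s*=\s*'ReCaptcha'\s*;", code):
        problems.append("$wgCaptchaClass is not 'ReCaptcha'")
    for var in ("wgReCaptchaPublicKey", "wgReCaptchaPrivateKey"):
        m = re.search(r"\$%s\s*=\s*'([^']*)'\s*;" % var, code)
        if not m:
            problems.append("$%s is not set" % var)
        elif not m.group(1).strip() or m.group(1).strip().startswith("["):
            problems.append("$%s is empty or still holds the placeholder" % var)
        elif m.group(1) != m.group(1).strip():
            problems.append("$%s has blank space inside the quotes" % var)
    triggers = {}
    for name, value in re.findall(r"\$wgCaptchaTriggers\['(\w+)'\]\s*=\s*(true|false)\s*;", code):
        if name in TRIGGERS:
            triggers[name] = (value == "true")
        else:
            problems.append("unknown trigger '%s'" % name)
    return problems, triggers

if __name__ == "__main__":
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found, trig = audit_confirmedit(src)
    print("\n".join(found) or "ConfirmEdit settings look complete")
    print("explicit triggers:", trig)
```

Run it with the path to 'LocalSettings.php' as its only argument; with no argument it checks the built-in sample. It never prints the key values themselves.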

That's It!

That's it! You should have CAPTCHAs now! You can read more about the ConfirmEdit extension here.