Sign in Subscribe
By MW in article

How the Moderation Extension Helps You Fight Spam Bots

The Moderation extension is a lightweight anti‑spam tool designed for small and medium MediaWiki sites. By routing every edit and upload from untrusted users into a moderation queue, it stops spam bots before their changes ever appear in the wiki’s history or RecentChanges.

Why Moderation beats traditional captchas

  • New users see a normal edit – no annoying captchas or phone verification.
  • Only the queued change is hidden; legitimate contributors keep working without interruption.
  • Blocks become almost unnecessary – a spam bot cannot damage the site until a moderator rejects the edit.

How it works

  1. When a user without the skip-moderation right saves a page or uploads a file, the action is stored in the moderation table instead of creating a revision.
  2. The author receives a message: “Your edit has been sent to moderation. You can continue editing your version of the page.” The edit is visible only to that user.
  3. Moderators use Special:Moderation – a view similar to RecentChanges – to Approve, Reject, or Reject all pending edits.
  4. Approved edits are applied normally; rejected edits go to a private Rejected archive and never touch the public page history.

Key configuration for spam‑bot protection

// Enable moderation (default is true)
$wgModerationEnable = true;

// Only moderate in selected namespaces (optional)
$wgModerationOnlyInNamespaces = [ NS_MAIN, NS_TALK ];

// Exclude namespaces that never need moderation (e.g., file uploads)
$wgModerationIgnoredInNamespaces = [ NS_FILE ];

// Send an email to the moderation team for every new pending edit
$wgModerationNotificationEnable = true;
$wgModerationEmail = 'moderators@example.org';

These settings keep the queue small and focus moderator attention on the namespaces where spam is most likely.

Combining Moderation with other anti‑spam extensions

Moderation runs after extensions such as AbuseFilter and ConfirmEdit. Use them together to catch obvious bot patterns early (e.g., repeated links) and then let Moderation handle anything that slips through.

Best practices for a low‑maintenance setup

  • Promote trusted contributors to the automoderated group – they bypass the queue entirely.
  • Keep the skip-moderation right for bots or services that need unrestricted API access.
  • Enable $wgModerationUseAjax = true (or the newer $wgModerationEnableAjax) to approve items without page reloads, speeding up bulk review.
  • Regularly prune the moderation table (e.g., delete rejected rows older than 30 days) to prevent database bloat.

When Moderation is not enough

If you face a flood of automated registrations, consider adding a CAPTCHA extension like QuestyCaptcha to the account‑creation flow. Moderation will still block the spam edits, but the extra hurdle reduces the number of bot accounts that ever reach the queue.

Conclusion

By separating suspicious edits from the live wiki, Moderation gives you a clean, user‑friendly front‑end while giving moderators a simple “approve or reject” workflow. When paired with AbuseFilter and ConfirmEdit, it forms a robust, low‑impact shield against spam bots on any MediaWiki installation.

Subscribe to MediaWiki Tips and Tricks

Don’t miss out on the latest articles. Sign up now to get access to the library of members-only articles.
jamie@example.com
Subscribe