Table of Contents
Like every website that accepts user contributed content, wikis are a target of spammers. DokuWiki has a few built-in methods to avoid spam. Additional methods can be added via plugin.
Access Control (built-in)
The simplest method to protect your wiki from spam is to let only trusted users to use it. Refer to the Access Control Lists (ACL) feature on how to set that up.
Of course this is not a viable option for community driven wikis. Read on for the other options that helped to keep dokuwiki.org spam free for years without having to disable anonymous edits.
URL Blacklisting (built-in)
As an active method against known spammers their URLs can be blocked. When a spammer tries to post a known spam-URL, the save will be aborted. DokuWiki comes with a small blacklist of URLs we encountered here on dokuwiki.org, but you can easily add your own.
See blacklist for details how this works.
Delayed Indexing (built-in)
To discourage spammers, DokuWiki uses a feature called DelayedIndexing. It tells search engines to not index pages that were recently updated. On an active wiki, spam will be removed very quickly by community members. Once a page has not been edited for a while, you can assume the community approves of the pages content and thus is spam-free.
See indexdelay for how to configure the time after which a page is considered old enough to be indexed and how to turn of this feature.
Mass Revert (built-in)
Whenever a spammer succeeds in spamming a huge amount of pages, it becomes hard to remove all the spam manually again. DokuWiki comes with the Revert Manager plugin which allows you to easily revert all pages back to a version where it did not contain spam.
A very effective method to protect your wiki against automated spam attacks is the use of a CAPTCHA. The most recommended plugin is the CAPTCHA plugin. It has various levels of usability settings and its default is invisible to most human users while still very effective against bots.
Installing this plugin is highly recommended on public wikis!
Registration Protection (plugin)
Spam bots are known to automatically register on wikis which will create a huge amount of useless, fake users. If you allow people to self register, it is advisable to protect the registration against spam bots. The CAPTCHA plugin is able to do that. Another option is the preregister Plugin which adds an email confirmation to the registration process.
Of course you can also disable the registration completely using the disableactions option.
Hint: should your wiki have been hit by a registration bot in the past, you can easily delete users by removing them from the
conf/users.auth.php file instead of manually deleting them via the user manager.
Check the plugin list for plugins tagged with spam to find more plugins to protect your wiki.