Improving spam prevention via hCaptcha

As we continue to upgrade wikis to MediaWiki 1.35, we will begin changing wikis from basic question captchas to using hCaptcha, in an effort to bolster the anti-spam measures protecting MyWikis wikis from spam attacks.

hCaptcha is an alternative captcha to reCAPTCHA. While reCAPTCHA may be the industry leading captcha, we’ve chosen hCaptcha over it for a couple of reasons:

• In our experience, reCAPTCHA has been proven to be ineffective. Spambots can crack reCAPTCHA challenges by using its accessibility feature, which is easily cracked by using speech-to-text technologies. This results in spam on wikis, which obviously nobody likes.
• hCaptcha has recently been adopted by Cloudflare and other organizations to replace reCAPTCHA.
• hCaptcha is not controlled by Google.
• hCaptcha has a more effective system and doesn’t have the same accessibility vulnerability issue that reCAPTCHA has.
• hCaptcha provides small amounts of revenue to site owners in exchange for users’ solved captchas helping to categorize images. Depending on how much revenue this can generate, this may allow us to offer free services to select high-traffic wikis in the future.

So far, we have launched hCaptcha on a few of our high traffic wikis and are expecting it to be effective. We are excited to continue rolling out hCaptcha across all public MyWikis wikis as they are upgraded to MediaWiki 1.35.

We employ captchas on public wikis and semi-private wikis, in an effort to filter spammy anonymous edits, spammy account creation, and spammy account creation requests. This is our best line of defense from spam attackers. In the past three years, we have significantly improved our built-in spam protection on all of our wikis, so all wiki owners can have peace of mind that their wiki won’t be spammed to oblivion. Spam protection is available on all applicable MyWikis wikis by default.

Edit: We have backported hCaptcha to work on MediaWiki 1.31, so it will now be gradually rolled out on public-facing wikis.