Cascading protection

Cascading protection feature added

A new software feature to guard against sophisticated "indirect" vandalism of the Main Page has been implemented. Dubbed "cascading protection", it automatically applies to local images and templates, which have been frequent targets for this type of vandalism.

As a very high-traffic page, the Main Page has long been an attractive target for vandals. Because it includes a constantly changing variety of elements, vulnerabilities have occasionally appeared when nobody thinks to protect a new element, or even an element of an element. The feature, which "cascades" the regular protection feature down to such elements, was developed primarily by Andrew Garrett (User:Werdna). Chief Technical Officer Brion Vibber enabled it in the MediaWiki software and applied cascading protection to the Main Page at 09:55 (UTC) on 14 January.

Cascading protection operates as follows: If a page is protected using the feature, any pages included in it will also be protected for as long as they remain included in it. This protection should take effect instantly and automatically even if templates are included dynamically by a mechanism such as that used by the Main Page. Administrators can enable cascading protection by means of a checkbox on the usual protection form.

Vibber pointed out that cascading protection does not apply to images hosted on the Wikimedia Commons. This means that the image will need to be protected manually by an administrator on the Commons project. In the first few months of that project, complaints were voiced about its responsiveness to such requests, but now the matter is handled fairly routinely.


The feature was developed while a separate effort was underway to run a bot that would achieve similar results. ProtectionBot, a bot run by Dragons flight, was the subject of a much-debated request for adminship, in order to obtain the administrator-only function of protecting and unprotecting pages. This followed a request for approval of bot status, which was generally supported, but it was suggested that the issue of a bot with administrator abilities needed to be brought before a wider audience.

Once the cascading protection feature had been added to MediaWiki, Dragons flight withdrew the request on 11 January. Although he said the bot "has certain functionality that exceeds that provided by Werdna's patch, I feel the technical situation has changed too greatly for this RFA to continue to be valid." Dragons flight expressed appreciation to Garrett and the other developers who helped address the problem, while also expressing frustration with the process. Reflecting on the energy devoted to getting the bot approved, he commented, "A good idea, that can be shown to work, should not require this much effort."

At the time the request was withdrawn, there was actually a decent possibility that it would have succeeded. Counts of supporting and opposing comments at the time of withdrawal showed 185 in favor and 41 opposing, with 13 neutral or abstaining comments. Weighing supporters against opponents would put 82% in favor, slightly above the 80% threshold that has commonly been treated by bureaucrats as justifying administrator status without controversy.

A substantial portion of the opposition expressed concern that the source code for the bot was not public. Dragons flight did share the code with a number of other Wikipedians, but declined to release it generally, stating that it could easily be modified to create a vandalbot. Others remained uncertain about giving a bot abilities normally reserved for administrators.

Garrett, who came up with the solution, was actually one of those opposing the request for adminship. In his opinion, "this kind of thing needs to be implemented as part of MediaWiki", along with some of the other functions filled by bots. Others pointed out that the small number of developers makes it difficult to hope that such features would be implemented unless something forces the issue.

+ Add a comment

Discuss this story

To follow comments, add the page to your watchlist. If your comment has not appeared here, you can try purging the cache.
No comments yet. Yours could be the first!


The Signpost · written by many · served by Sinepost V0.9 · 🄯 CC-BY-SA 4.0