Admin tools development/Roadmap

Global renaming of user accounts

 * Overall status : Code mostly written; to be tweaked and deployed
 * Code tasks
 * - code Create a tool that is essentially a global version of the pre-existing RenameUser extension, which allows privileged users (stewards on WMF sites) to rename global accounts.
 * Adjustment to provide a limit for accounts with fewer than 5,000 edits globally, for performance concerns.
 * Longer-term, we will need a solution for renaming accounts with 5,000 or more global edits.

Global blocking of user accounts and anonymous IP addresses

 * Overall status : Code written; to be deployed
 * Code tasks
 * ✅ - In 1.21wmf11 In CentralAuth provide a mass account-locking (200 accounts at a time) tool.
 * ✅ - Global (and local) blocking based on XFF headers 23343 - Prevent edits that use multiple proxies if one proxy in the chain is blocked

Global CheckUser tool

 * Overall status : Requirements somewhat gathered; awaiting developer time.

Global AbuseFilter tool

 * Overall status : Code written; deployed to test2, test, mediawiki
 * Code tasks
 * ✅ - code Allow defining AbuseFilter rules on a central location (Meta-Wiki) and apply these rules against edits on all Wikimedia wikis. See AbuseFilter Priorities / Design for details.
 * ✅ - code Global AbuseFilter variables/throttling. See AbuseFilter Priorities / Design for details.

SUL Audit

 * Overall status: Databases are ready for querying, ongoing
 * Tasks
 * ✅ - Procure hardware (db29), slave s7.centralauth, and load all other user tables
 * - Creating and running queries
 * - Initial scripts to migrate non-clashing users ("pass0" and "pass1" or their replacements)

Miscellaneous

 * code review 12518 - Fix cross-wiki userrights reflects groups on local wiki, not target wiki - code in 36330
 * ✅ shell request 43913 - Fix all "User@metawiki" entries to just "User" in the meta user rights log; requires just a single SQL query to be run (probably via maintenance/runBatchedQuery.php) by shell users.

Open tasks
This is necessary because nowadays bots can crack most CAPTCHAs easily and still post their spam, whereas the blurry word is a great inconvenience to some human editors (see also 5309 about internationalization concerns) and has the potential to raise the barrier of entry for humans. Some ideas and insights in this e-mail thread: Captcha for non-English speakers II. This could address a number of previously identified issues, such as merging the previous ad hoc anti-spam tools into one powerful tool and keeping the lists on database instead of on wiki pages. See admin tools development/Phalanx for some initial thoughts and concerns. See also 27988 This is prioritized as a low-priority item because changing the User-Agent is very trivial, but like some of the pre-existing anti-spam methods (such as the SimpleAntiSpam extension, which is enabled on all WMF wikis), it's an easy way to block the dumbest spambots. Prioritized as low, because clearing your cookies is pretty easy, just like changing your IP address.
 * Finalise Single User Login (SUL) to forcibly rename all clashing local accounts. (Blocker for Echo and Flow; OAuth etc.; …) - see SUL Audit, above.
 * Replace Single User Login with simpler system (shared DB?) to pay down technical debt.
 * Evaluate the effectiveness of the current CAPTCHA system (ConfirmEdit extension) and look into possible new CAPTCHA systems or other alternative ways of verifying that the editor is a human being and not a bot.
 * Set up a git repository for the Phalanx extension, clean up the code and fix whatever bugs there are, and evaluate the possibility of enabling Phalanx on WMF wikis (with Meta-Wiki as the central database, i.e. the database where its tables will be stored in).
 * ✅ - The e-mail black list (which prevents account registration or sending e-mail using matching addresses) is currently split into a file that only shells can access, or an entirely-public list on Meta-Wiki. A middle-ground tool which could only be accessed by a small number of users would be a significant improvement for privacy purposes.
 * 25000 - Better IP throttling configuration - Allow local sysops to temporary variation of the IP throttles for particular IPs and IP ranges (e.g. so that an event with a lot of expected newbies would not hit the "too many account creations from your IP" issue), which currently can only be solved by a user with shell access, or individually-creating accounts by local sysops. The code hooks for this functionality already exist, and an extension - Extension:ThrottleOverride - written which could be deployed.
 * 13601 - An extension to one-click revert all of a user's actions on RecentChanges - Create an extension which allows to revert all actions in the recentchanges table by a given user. Such a tool would be useful for reverting edits made by vandalism-only accounts and maybe some spambots.
 * Block known spambot user agents - Extend the AbuseFilter extension to allow preventing edits (and/or other actions) if the user's User-Agent string matches a known spambot UA. The Bad Behavior extension contains a list of spambot or otherwise problematic User-Agent strings.
 * 3233 - Send a cookie with each block to block IP-changing vandals.
 * Extend GlobalBlocking to accounts. - Current the extension only allows for global blocking of IPs. However, Stewards are currently fulfilling requests to "block" registered users by locking their accounts in SUL. This workaround is imperfect to say the least. For example, it requires that the user have attached their accounts to work. Regardless of any debate as to whether accounts should be subject to global blocking, it is in fact happening, and the tool being used is not designed for that use case. Previous discussion on bug 15294.
 * 15273 - Split GlobalBlocking action options out like local blocks - Currently, checking "Block anonymous users only" on a global block blocks anonymous users and also prevents them from creating accounts.
 * 42734 - Hide AbuseFilter logs for deleted pages - Automatically hide any AbuseFilter logs for public filters, for pages that were later deleted.
 * Integrate bits.wikimedia.org/geoiplookup into Admin Tools, e.g. CheckUser, so that users do not have to use a third party tool (16068?)
 * Enable OpenID (as a provider) for all global Wikimedia accounts, based off users.wikimedia.org.
 * 20189 - Allow suppression using the RevisionDeletion tool of multiple revisions of deleted page (existing functionality in action=history which is needed in Special:Undelete).
 * 60373 - Convert Oversight revisions to (revision deleted) suppressed on Wikimedia wikis.