Manual:$wgRateLimits

Details
This setting provides a simple rate limiter to brake floods of edits and other potentially destructive behavior, like sending out emails to other users.

It sets a maximum number of actions allowed in the given number of seconds; after that, the violating client receives HTTP 429 error pages until the period elapses.

To check if a rate limit has been exceeded, use the User::pingLimiter function.

For example, to set a maximum of 4 edits per 60 seconds for "newbie" (i.e. non-man>Special:MyLanguage/Manual:Autoconfirmed users|autoconfirmed) users, add the following:

The  limit applies to both unregistered and "newbie" users. The  limit applies by action and user, and the   limit by action and IP. So if you have many newbies using the same IP address, they all aggregate in the same count for the  limit. This might have wanted and unwanted effects. If you for example have a code sprint with a huge number of (legitimate) new users, they might hit the IP limit rather quickly, which might be unwanted. On the other hand, spammers who use several different accounts from the same IP address will hit it as well, which will be wanted.

By setting  the limitations for a specific action can be marked as not skippable. If that is set, neither the noratelimit user right nor the $wgRateLimitsExcludedIPs setting have any effect for that action.

 must be set to a value other than CACHE_NONE for this setting to work.

Default value
Extensions can provide additional keys for $wgRateLimit.

E.g.  provides a "badcaptcha" key, which allows to throttle users based on the number of wrong answers they have given to a captcha. An example might be:

This will allow newbie users not more than 100 wrong answers per day (86400 seconds).

Version differences

 * The 'mailpassword' array was added in MediaWiki 1.7.0.


 * The 'emailuser' array was added in MediaWiki 1.10.0.


 * The 'linkpurge' array was added in MediaWiki 1.22.0.


 * The 'renderfile' array was added in MediaWiki 1.22.0.