
Release status: unmaintained

Implementation: User rights
Description: Allows restricting access to specified pages
Author(s): Jeremy Pyne (PyneJ)
Latest version: 1.0 (2007-06-12)
MediaWiki: 1.10+
License: No license specified
Download: See the code section
Hooks used: userCan


The Blacklist extension restricts access to specified pages by adding a robust blacklist option to MediaWiki.


Save the code below to blacklist.php in MediaWiki's extensions folder.

Add the following line in the LocalSettings.php file:



Example: To block some special pages for normal users, but not sysops, do this.

$wgWhitelist['sysop']['read']  = $wgBlacklist['*']['read'] = array("Special:Export", "Special:ListUsers", "Special:IpBlockList", "Special:Log", "Special:AllMessages");

Or with a RegEx:

$wgBlacklistOps["useRegex"] = true;
$wgWhitelist['sysop']['read'] = $wgBlacklist['*']['read'] = array("^Special:(Export|ListUsers|IpBlocklist|Log|AllMessages)$");

Common Problems / Caveats

Rule Priority

Whitelists trump blacklists.

The system processes blacklists first, then whitelists. As a result, doing something like this will result in the pages being fully accessible:

  $wgWhitelist['*']['read'] = $wgBlacklist['user']['read'] = array("^Special:.*$");

Also keep in mind that these permissions flow, so just doing this won't work either: no sysops will be able to see the pages (as they are all users too), and anonymous users will still be able to see them.

  $wgBlacklist['user']['read'] = array("^Special:.*$");

The way to make this work as you would expect (block anonymous visitors and users, and let the rest see the pages) is as follows. We block everyone, then add a flowing whitelist permission to access the page.

  $wgWhitelist['sysop']['read'] = $wgBlacklist['*']['read'] = array("^Special:.*$");

Group Inheritance / Custom Groups

Groups effectively inherit permissions. If a user belongs to multiple groups, the rules are processed for EACH group in a specific order, so a rule can seem to flow from one group to the next.

For example, if I want to revoke access to page x for the group "user", the rule will flow to sysop and bureaucrat as well, as those accounts are also users. The example below demonstrates how to override the flowing permission via the whitelist. It blocks users, plus admins and bureaucrats because of the hierarchy, but then gives access back to the sysop group via the whitelist.

  $wgBlacklist['user']['read'] = $wgWhitelist['sysop']['read'] = array("^Special:.*$", "Test");

NOTE: The flowing of permissions is not technically a function of MediaWiki, and as such it is a bit of a hack. Because there is no group hierarchy in MediaWiki, this extension uses a static list to make this logic work. As a result, if a new group is added, it will be ignored by this extension. To get it to work as you would expect, you need to edit the extension and add your group to the $groupPower array at the point where you want it to appear in the hierarchy. Groups below it will inherit its permissions, and it will inherit any from above itself. Again, the whitelist/blacklist can be used to override this.
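The outcomes described under Rule Priority (the "blacklist user only" and "blacklist everyone, whitelist sysop" configurations) and in the note on custom groups can be reproduced with a standalone model of the evaluation loop. This is an added example, not the extension's own code: canRead(), ignoredGroups() and the "editors" group are hypothetical names, and only regex mode is modelled.

```php
<?php
// Added example: standalone model of checkBlacklist()'s loop in regex mode.
// GROUP_POWER copies $groupPower from blacklist.php; other names are hypothetical.
const GROUP_POWER = ['*', 'user', 'autoconfirmed', 'emailconfirmed', 'bot', 'sysop', 'bureaucrat'];

// True if a user holding $userGroups may read $title.
function canRead(array $userGroups, string $title, array $black, array $white): bool {
    $hide = false;
    // Only groups listed in GROUP_POWER are evaluated, lowest first.
    foreach (array_intersect(GROUP_POWER, $userGroups) as $group) {
        foreach ($black[$group]['read'] ?? [] as $pattern) {
            if (preg_match("/$pattern/", $title)) $hide = true;
        }
        // The same group's whitelist runs second and can undo the hide.
        foreach ($white[$group]['read'] ?? [] as $pattern) {
            if (preg_match("/$pattern/", $title)) $hide = false;
        }
    }
    return !$hide;
}

// Rule keys naming a group outside GROUP_POWER are never evaluated.
function ignoredGroups(array $black, array $white): array {
    $named = array_unique(array_merge(array_keys($black), array_keys($white)));
    return array_values(array_diff($named, GROUP_POWER));
}

$special = ['^Special:.*$'];
$configs = [ // label => [blacklist, whitelist]
    'blacklist user only'          => [['user' => ['read' => $special]], []],
    'blacklist *, whitelist sysop' => [['*' => ['read' => $special]], ['sysop' => ['read' => $special]]],
    'blacklist custom group'       => [['editors' => ['read' => $special]], []],
];
$users = [ // constructed group memberships
    'anonymous' => ['*'],
    'user'      => ['*', 'user'],
    'sysop'     => ['*', 'user', 'sysop'],
    'editor'    => ['*', 'user', 'editors'],
];

foreach ($configs as $label => [$black, $white]) {
    echo "$label\n";
    foreach ($users as $name => $groups) {
        $verdict = canRead($groups, 'Special:Log', $black, $white) ? 'allowed' : 'denied';
        echo "  $name: $verdict\n";
    }
    $ignored = ignoredGroups($black, $white);
    if ($ignored) echo "  ignored rule groups: " . implode(', ', $ignored) . "\n";
}
```

In the last configuration every account, including the editor, is allowed, because a rule keyed to a group missing from the static list fails open; ignoredGroups() reports such keys so they can be added to $groupPower.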


Save this code as blacklist.php.

This code has been tested on MediaWiki 1.10.


  • 12 June 2007 -- Version 1.0 -- First release.
<?php
/*
    Blacklist MediaWiki Extension
    By Jeremy Pyne  jeremy dot pyne at gmail dot com

    This extension adds support for a $wgBlacklist array, laid out like $wgGroupPermissions, to support overrides.
     	For example I can set $wgBlacklist['*']['read'] to disable specific special pages or
     	make some pages of the site only visible for special groups.
    This blacklisting is done from lowest to highest powered groups and is implicit.  IE if you deny Main Page to User, it also denies it for all parents of user.
     	To override a blacklist at a higher level you have to add an entry to $wgWhitelist['sysop']['read'] to re-enable the pages if you are a sysop.

    	$wgBlacklistOps["useRegex"] = true;
    		This setting dictates whether to treat the page lists as regular expressions or not.  Though turning regular expressions off is much faster, you can not
    		mark page groups, partial page titles, or variations of title formatting.
    Example: To block some special pages for normal users, but not sysops do this.
    	$wgWhitelist['sysop']['read']  = $wgBlacklist['*']['read'] = array("Special:Export", "Special:Listusers", "Special:Ipblocklist", "Special:Log", "Special:Allmessages");
    Or with a RegEx
    	$wgBlacklistOps["useRegex"] = true;
    	$wgWhitelist['sysop']['read'] = $wgBlacklist['*']['read'] = array("^Special:(Export|Listusers|Ipblocklist|Log|Allmessages)$");

     Note: This is not a flawless method as page inclusions and such can get around this.
*/

if (!defined('MEDIAWIKI')) die();

$wgExtensionCredits['other'][] = array(
    'name' => 'blacklist',
    'description' => 'adds $wgBlacklist array to provide blacklist overrides',
    'url' => 'https://www.mediawiki.org/wiki/Extension:Blacklist',
    'author' => 'Jeremy Pyne',
    'version' => '1.0'
);

// Run checkBlacklist() on every permission check.
$wgHooks['userCan'][] = 'checkBlacklist';

/**
 * Is this page blacklisted
 * @param &$title the concerned page
 * @param &$wgUser the current mediawiki user
 * @param $action the action performed
 * @param &$result (out) true or false, or null if we don't care about the parameters
 */
function checkBlacklist(&$title, &$wgUser, $action, &$result) {
	global $wgBlacklist;
	global $wgWhitelist;
	global $wgBlacklistOps;
	$hideMe = false;
	// A missing useRegex option means exact title matching.
	$useRegex = !empty($wgBlacklistOps["useRegex"]);

	// Static hierarchy, lowest to highest. Groups not listed here are never evaluated.
	$groupPower = array(
		0 => "*",
		1 => "user",
		2 => "autoconfirmed",
		3 => "emailconfirmed",
		4 => "bot",
		5 => "sysop",
		6 => "bureaucrat");
	$myGroups = array_intersect($groupPower, $wgUser->getEffectiveGroups());

	foreach($myGroups as $myGroup) {
		// Blacklist for this group: any match hides the page.
		// isset() also covers the case where the array was never configured.
		if(isset($wgBlacklist[$myGroup][$action]) && is_array($wgBlacklist[$myGroup][$action])) {
			if($useRegex) {
				// Patterns are placed between "/" delimiters, so a "/" inside a pattern must be escaped.
				foreach($wgBlacklist[$myGroup][$action] as $myBlacklist)
					if(preg_match("/$myBlacklist/", $title->getPrefixedText()))
						$hideMe = true;
			} else {
				$myBlacklist = array_flip($wgBlacklist[$myGroup][$action]);
				if(array_key_exists($title->getPrefixedText(), $myBlacklist))
					$hideMe = true;
			}
		}

		// Whitelist for the same group: any match re-enables the page.
		if(isset($wgWhitelist[$myGroup][$action]) && is_array($wgWhitelist[$myGroup][$action])) {
			if($useRegex) {
				foreach($wgWhitelist[$myGroup][$action] as $myWhitelist)
					if(preg_match("/$myWhitelist/", $title->getPrefixedText()))
						$hideMe = false;
			} else {
				$myWhitelist = array_flip($wgWhitelist[$myGroup][$action]);
				if(array_key_exists($title->getPrefixedText(), $myWhitelist))
					$hideMe = false;
			}
		}
	}

	// Only set $result when denying; otherwise leave the decision to MediaWiki.
	if($hideMe)
		$result = false;

	return !$hideMe;
}

See also