Documentation for Confluence 5.4.
Documentation for Confluence OnDemand and earlier versions of Confluence is available too.

Skip to end of metadata
Go to start of metadata

You need to be a Confluence administrator to configure Captcha for spam prevention in Confluence.

If your Confluence site is open to the public you may find that automated spam is being added, in the form of comments or new pages.

You can configure Confluence to deter automated spam by asking users to prove that they are human before they are allowed to:

  • Sign up for an account.
  • Add a comment.
  • Create a page.
  • Edit a page.
  • Send a request to the Confluence administrators.

Captcha is the technical term for a test that can distinguish a human being from an automated agent such as a web spider or robot. You can read more about Captcha on Wikipedia.

When Captcha is switched on, users will need to recognise a distorted picture of a word, and must type the word into a text field. This is easy for humans to do, but very difficult for computers.

Screenshot: Example of a Captcha test


You can configure Confluence to enforce Captcha for certain types of users. You can exempt logged-in users (they will have completed a Captcha when they signed up) or members of particular groups.

By default, Captcha for spam prevention is disabled. If you enable it, the default is that Captcha for spam prevention will apply to anonymous users only. Only anonymous users will have to perform the Captcha test when creating comments or editing pages. Captcha images will not be shown to logged-in users.

To enable Captcha for spam prevention in Confluence:

  1. Choose the cog icon  at top right of the screen, then choose Confluence Admin.
  2. Choose Spam Prevention in the left-hand panel.
  3. Choose ON to turn on Captcha.
  4. If you want to disable Captcha for certain groups:
    • Select No one if you want everyone to see Captchas.
    • Select Signed in users if you want only anonymous users to see Captchas.
    • If you want everyone to see Captchas except members of specific groups, select Members of the following groups and enter the group names in the text box.
      You can click the magnifying-glass icon to search for groups. Search for all or part of a group name and click the Select Groups button to add one or more groups to the list.
    • To remove a group from the list, delete the group name.
  5. Choose Save.

5 Comments

  1. Cool. This is a valuable option. Thanks for providing it. I was hoping, that we could run our public wiki without any hurdles but now the spam people are trying to sneak in loads of links and I am happy, that this spam protection helped us with these automated clowns.

  2. Sure but can you please remove the captcha for logged in users on this, your public confluence wiki? It takes me at least 2 tries to fill it in each time I add a comment.

    1. correctly filled in, fails and the "Save" button becomes a "publish.name" button
    2. correctly filled in, click "publish.name" and it may fail or succeed
    3. repeat (2) until success

    Logged at CONF-26837 - CAPTCHA on comments on public Atlassian Confluence Wiki fails Resolved

    Edited: this repeating fail issue also occurs when editing a comment that I made originally - still logged in, same browser session.

    Edited: looks like it has been fixed in Confluence 4.3.3 ( CONF-26619 - Incorrect captcha causes button string to show i18n key and gives a strange error message Closed ) - thanks Atlassian!

    1. not fixed; confluence 5.2 rc1 still has the issue (as well as all others versions in between)

  3. why does it take 3 to 7 attempts of (correct!) word entry until Confluence accepts the captcha input?

    Why does Atlassian not fix this issue? It has been reported at least since Confluence 4.0 , if not even earlier.

    It is especially annoying that Atlassian's support pages (confluence.atlassian.com) have this issue, reported thousands of times already but neither fixed nor turned off by Atlassian's server configuration (administrator)

    This feature is totally useless as long as Atlassian doesn't fix it.

  4. Anonymous

    Still getting spam with captcha on. Switch to recaptcha. Your mechanism sucks Atlassian.