Configuring Captcha for Spam Prevention

If your Confluence site is open to the public (you allow anonymous users to add comments, create pages etc) you may find that automated spam is being added, in the form of comments or new pages.

You can configure Confluence to deter automated spam by asking users to prove that they are human before they are allowed to:

  • Sign up for an account.

  • Add a comment.
  • Create a page.
  • Edit a page.
  • Send a request to the Confluence administrators.

Captcha is a test that can distinguish a human being from an automated agent such as a web spider or robot. When Captcha is switched on, users will see a distorted picture of a word, and must enter it in a text field before they can proceed. 

Screenshot: Example of a Captcha test

By default, Captcha is disabled.  When enabled, the default is that only anonymous users will have to perform the Captcha test when creating comments or editing pages. You can also choose to enforce Captcha for all users or members of particular groups. 

You need System Administrator permissions to configure Captcha for spam prevention in Confluence.

To enable Captcha for spam prevention in Confluence:

  1. Choose the cog icon , then choose General Configuration under Confluence Administration
  2. Choose Spam Prevention in the left-hand panel.
  3. Choose ON to turn on Captcha.
  4. If you want to disable Captcha for certain groups:
    • Select No one if you want everyone to see Captchas.
    • Select Signed in users if you want only anonymous users to see Captchas.
    • If you want everyone to see Captchas except members of specific groups, select Members of the following groups and enter the group names in the text box.
      You can click the magnifying-glass icon to search for groups. Search for all or part of a group name and click the Select Groups button to add one or more groups to the list.
    • To remove a group from the list, delete the group name.
  5. Choose Save.

Was this helpful?

Thanks for your feedback!

10 Archived comments

  1. User avatar

    Martin Seibert (//SEIBERT/MEDIA, Germany)

    Cool. This is a valuable option. Thanks for providing it. I was hoping, that we could run our public wiki without any hurdles but now the spam people are trying to sneak in loads of links and I am happy, that this spam protection helped us with these automated clowns.

    10 Dec 2010
  2. User avatar

    Diane Sexton

    Sure but can you please remove the captcha for logged in users on this, your public confluence wiki? It takes me at least 2 tries to fill it in each time I add a comment.

    1. correctly filled in, fails and the "Save" button becomes a "publish.name" button
    2. correctly filled in, click "publish.name" and it may fail or succeed
    3. repeat (2) until success

    Logged at CONF-26837 - CAPTCHA on comments on public Atlassian Confluence Wiki fails Resolved

    Edited: this repeating fail issue also occurs when editing a comment that I made originally - still logged in, same browser session.

    Edited: looks like it has been fixed in Confluence 4.3.3 ( CONF-26619 - Incorrect captcha causes button string to show i18n key and gives a strange error message Closed ) - thanks Atlassian!

    09 Oct 2012
    1. User avatar

      Hans-Peter Geier

      not fixed; confluence 5.2 rc1 still has the issue (as well as all others versions in between)

      07 Aug 2013
  3. User avatar

    Hans-Peter Geier

    why does it take 3 to 7 attempts of (correct!) word entry until Confluence accepts the captcha input?

    Why does Atlassian not fix this issue? It has been reported at least since Confluence 4.0 , if not even earlier.

    It is especially annoying that Atlassian's support pages (confluence.atlassian.com) have this issue, reported thousands of times already but neither fixed nor turned off by Atlassian's server configuration (administrator)

    This feature is totally useless as long as Atlassian doesn't fix it.

    07 Aug 2013
  4. User avatar

    Anonymous

    Still getting spam with captcha on. Switch to recaptcha. Your mechanism sucks Atlassian.

    16 Jan 2014
  5. User avatar

    Matt Mieckowski

    Is it possible to have captcha for Confluence OnDemand?  "Spam Prevention" is not on the left hand panel, and I can't find a setting for it anywhere.

    01 Jun 2014
    1. User avatar

      Rachel Robins [Atlassian Tech Writer]

      Hi Matt, sorry for the slow reply, had to do some hunting to solve this one for you.  Turning CAPTCHA on and off is restricted to  users with system administrator permissions. For OnDemand you can raise a support request here http://support.atlassian.com/ to have CAPTCHA enabled for your instance. 

      I've updated the Restricted Functions in Atlassian OnDemand page to include this info, and will update this page in the OnDemand docs to reflect the process.

      03 Jun 2014
  6. User avatar

    Adrian Wieczorek

    I'm still getting spam comments added by anonymous users to my Confluence pages despite the captcha being turned on! Looks like the mechanism has been cracked already or there is a flaw in your implementation. Atlassian, please take a look into this as I'm getting tired of removing spam comments everyday. (sad)

    PS: I'm using Confluence OnDemand (Cloud) version.

    10 Jul 2014
  7. User avatar

    David Cramblett

    We have captcha enabled, but still continue to get spam all the time. Can you please improve the security of this module?

    09 Oct 2014
  8. User avatar

    Bob Kennedy

    We too are getting spam with captcha turned on. Seems like the only secure method is to require login? Of course this means every public wiki will need to have thousands of users and definitely affect Confluence licensing.

    Atlassian needs to fix this--fast.

    19 Dec 2014
Powered by Confluence and Scroll Viewport