Extensions

This is a list of most extensions installed on Miraheze, sorted by three categories: global extensions that are enabled on every wiki that cannot be disabled (and a brief reason why), default extensions that are enabled on new wikis by default but can be disabled, and extensions that are not enabled by default but can be enabled on individual wikis. This page also includes some of those extensions which have been requested but cannot be installed, and a brief reason as to why.

Global Extensions
Some extensions are enabled by default across all Miraheze Wikis and cannot be disabled by local wikis. These extensions are listed below, with a brief reason as to why they are global.


 * AbuseFilter – Important anti-spam and anti-vandalism extension; allows administrators to prevent edits meeting certain regular expressions
 * AntiSpoof – Prevents impersonation user accounts from being created
 * BetaFeatures – Beta Features are installed globally but can be turned off in one's individual user preferences
 * CentralAuth – Defines the global user account system, without it user accounts would break
 * CentralNotice – Used for distribution of important notices about Miraheze, such as planned downtime
 * CheckUser – Important anti-vandalism extension that allows Miraheze Stewards to find and block the underlying IP ranges of vandalism accounts
 * CreateWiki – This is how new wikis are created (perhaps the most important extension!). Installed globally but only used on Meta. The extension is enabled globally due to technical reasons as ManageWiki requires this extension and wikis will break if it is not enabled.
 * CookieWarning – Required for legal/privacy reasons
 * ConfirmEdit – Important anti-spam tool, generates a CAPTCHA to prevent unauthorized automated actions
 * DataDump – Enables backups to be taken from wikis
 * DiscordNotifications – Is used to log edits to #wiki-feed on discord
 * DismissableSiteNotice – Makes sitenotices dismissable
 * Echo – This extension implements the user notification system
 * EventLogging – Required dependency for CentralNotice
 * EventStreamConfig – Required dependency for EventLogging
 * GlobalBlocking – Important anti-spam and anti-vandalism extension, allows Miraheze Stewards and Global Sysops to block IP addresses that vandalize multiple wikis
 * GlobalCssJS – Part of the global account system, allows users to have custom interface styling applied to all wikis
 * GlobalNewFiles (disabled)
 * GlobalPreferences – Part of the global account system, allows users to have default preferences (settings) on all wikis
 * IncidentReporting – Used internally by Miraheze system administrators for reporting incidents such as downtime. Installed globally but only has a function on Meta
 * Interwiki – Used to provide direct links from one Miraheze Wiki to another, and to other MediaWiki sites (such as these links to MediaWiki.org)
 * LocalisationUpdate – Essential/core part of MediaWiki interface
 * LoginNotify – Important security feature, notifies users about suspicious attempts to login to their accounts
 * ManageWiki – The extension used for managing wiki settings, including extensions. Turning this off would remove the ability to enable/disable other extensions
 * MatomoAnalytics – Internal Miraheze extension
 * MobileDetect – Adds  and   tags
 * Nuke – Important anti-vandalism extension, allows site administrators to mass delete multiple pages at once
 * OATHAuth – Important security feature, used for implementing 2-factor authentication
 * OAuth – Internal Miraheze extension, used for linking wiki accounts with accounts for Miraheze Phabricator
 * ParserFunctions – Essential/core part of MediaWiki interface
 * RemovePII – Enables removing private information
 * RenameUser – Implements the ability for Miraheze Stewards to rename user accounts on request (otherwise this would be impossible)
 * RottenLinks – Internal Miraheze extension that checks for dead or broken external links on wiki pages
 * Scribunto – Essential/core part of MediaWiki interface
 * SecureLinkFixer – Make sure all wikis using HTTPS
 * SpamBlacklist – Important anti-spam feature, allows administrators to blacklist spam websites from being mentioned
 * TitleBlacklist – Important anti-vandalism extension, allows administrators to prevent pages with certain titles and certain usernames from being created
 * TorBlock – Important anti-vandalism and anti-spam extension, prevents vandals from using Tor to rapidly change IP addresses
 * UserMerge – Allows Miraheze Stewards to merge contributions of one user account into another. Not used frequently but is used for various maintenance purposes
 * WikiDiscover – Internal Miraheze extension that shows all Miraheze wikis with some general information about them
 * WikiEditor – Essential/core part of MediaWiki interface
 * CLDR

Default Extensions
These extensions are enabled by default on all new wikis but can be disabled in Special:ManageWiki/extensions:


 * CategoryTree – Popular extension used by multiple wikis
 * Cite & CiteThisPage – Important and popular extension used for generating citations for wiki pages
 * DarkMode – Enables a dark user interface. Used for accessibility reasons and for personal preferences
 * GlobalUserPage – Allows users to display the content from their userpage on Miraheze Login Wiki on all wikis if they have not created a local userpage
 * MobileFrontend – Important MediaWiki feature for wikis that wish to support editing from mobile devices (which is the vast majority of wikis)
 * Purge – Adds in a purge button instead of needing to edit the URL to have "?action=purge"
 * SyntaxHighlight – Highlights syntax
 * UrlShortener – Adds the Get shortened URL to the sidebar
 * WikiSEO – Improves search results to the wiki

Other Extensions
These extensions are installed on Miraheze and can be enabled in Special:ManageWiki/extensions on any wiki but are not enabled by default:

Declined extensions
Many extensions have been requested but are not able to be installed for various reasons. The most common reasons are that the extension introduces security and/or privacy risks that cannot be mitigated, that the extension is not being actively maintained upstream, or that the extension conflicts with a global extension that cannot be removed. The following is a list of declined extensions, and a brief reason why they are declined.


 * AccessControl – Doesn't work on MediaWiki 1.29+, and also has privacy issues
 * BlueSpice – Security risk
 * Configure – No longer maintained upstream (hasn't worked since MediaWiki 1.18), and ManageWiki essentially does the same thing
 * ConfirmAccount – incompatible with CentralAuth - since user accounts exist globally it is not possible to have individual wikis require accounts be approved
 * DeleteBatch – Technical limitations, see T956
 * DNSlookup – Invades user privacy
 * EditAccount – Incompatible with CentralAuth - since user accounts are global, editing a user's information on one wiki would affect all wikis. Also allowing other users to change email addresses and passwords is a major privacy and security risk
 * EditUser – Same reasons at EditAccount
 * EmbedAnything – Security risk
 * External Data – Security risk (SQL injection)
 * ExternalLinks – Security risk, see T1555
 * Html2Wiki - Unreadable code, see T2740
 * Html5mediator – Declined due to security issues (arbitrary JS insertion), T1640.
 * Markdown – Not actively maintained upstream
 * MiniInvite – Security risk
 * MultiUpload – Not maintained upstream** - You can use MsUpload which provides similar functionality
 * OpenID Connect – Security risk
 * PageViewInfo – Incompatible with Miraheze, specific for Wikimedia
 * PluggableAuth – Security risk
 * SecurePoll – Reveals private information
 * Site settings – ManageWiki does the same thing (actually even more), and up until recently had a major security flaw
 * Tasks Extension – Flagged as unstable, indicating one or more parts, or even the entire extension, is broken
 * UserGroups – ManageWikiPermissions does the same thing.
 * Widgets – See 23-12-2020 Security Disclosure
 * WikiBanner – We don't accept ads
 * BlockBatch – Not Actively Maintained, See T7303.
 * Drafts – Not Actively  Maintained.
 * DisableAccount – Declined Due to Privacy Reasons
 * Extensions made by Fandom that do not have independent on mediawiki.org – extensions such as Special:Withoutimages, MediaWiki:ImportJS, and Special:AdminDashboard are too specific for Fandom. Use similar extensions instead.

Disclaimers

 * Requesting new extensions: If you would like to request a new extension, please create a task on Phabricator. Please be aware that any extensions which are not in use by one or more Wikimedia Foundation projects will require a security review before being installed. The purpose of this review is to check the code to make sure there are no vulnurabilities that would expose either Miraheze as a whole and/or individual users of the extension to security and/or privacy risks.


 * Restricted extensions: Some extensions in the list of globally enabled extensions are restricted and cannot be used by individual wikis and users, and can be used exclusively by members of either Miraheze Stewards and/or System administrators. This is usually for either or both of the following reasons: the extension reveals private information that under most circumstances should not be accessed, but may need to be accessed in order to stop spam and vandalism; and/or the extension has effects on the overall operation of Miraheze and therefore use of the extension outside of Meta Wiki would break things.


 * Note about MultiUpload: This extension is no longer being actively maintained upstream and therefore is unsuitable for Miraheze. However, users who are familiar with another wiki hosting service, ShoutWiki, may be aware that the extension in use there. The extension is only being maintained as a local copy by ShoutWiki developers for their specific service, and even these developers have indicated that they will not continue to maintain it if it ultimately breaks down. Therefore, please use MsUpload instead, which provides similar functionality.