Wikipedia talk:Protection policy

This page is not for proposing or discussing edits to protected pages. To request or propose a change to a page that you are not able to edit, place a message on its talk page. If the page is fully protected, you may attract the attention of an admin to make the change by placing the {{edit fully-protected}} template above your request. Requests placed here will probably be removed or ignored. If the page in question and its talk page are both protected please make your edit request at Wikipedia:Request for edit. To request that a page be protected or unprotected, see Wikipedia:Requests for page protection. To suggest that a move-protected page be renamed, see Wikipedia:Requested moves. To request that a deleted page protected against re-creation be re-created or restored, see Wikipedia:Deletion review. For information about protecting the main page featured article or other featured content, see Wikipedia:Main Page featured article protection.

This is the talk page for discussing improvements to the Protection policy page.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed Shortcuts WT:PROTECT WT:PPOL

Archives: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18Auto-archiving period: 2 months

This project page does not require a rating on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Counter-Vandalism Unit This page is within the scope of the Counter-Vandalism Unit, a WikiProject dedicated to combating vandalism on Wikipedia. You can help the CVU by watching the recent changes and undoing unconstructive edits. For more information go to the CVU's home page or see cleaning up vandalism.Counter-Vandalism UnitWikipedia:Counter-Vandalism UnitTemplate:Counter-Vandalism UnitCounter-Vandalism Unit

The project page associated with this talk page is an official policy on Wikipedia. Policies have wide acceptance among editors and are considered a standard for all users to follow. Please review policy editing recommendations before making any substantive change to this page. Always remember to keep cool when editing, and don't panic.

This page is written in American English, which has its own spelling conventions (color, defense, traveled) and some terms that are used in it may be different or absent from other varieties of English. According to the relevant style guide, this should not be changed without broad consensus.

I propose updating the policy to explicitly cover the protection of operational pages used by bots and user scripts. While many of these pages are already protected, it would be better to include something in the policy. User:MDanielsBot/AIVStop is the most recent target of a disruptive edit, but this has also happened in the last year with User:Lowercase sigmabot III/Shutoff, User:ClueBot NG/AngryOptin, User:DatBot/Filter reporter/Run, User:GreenC bot/button, User:InternetArchiveBot/Dead-links, and User:Yapperbot/kill/FRS. If there is consensus, I would like to add a Protection of operational pages section under the Uncommon protections section as follows:

Operational pages used by software, including bots and user scripts, may be protected based on the type of use, content, and other considerations. This includes, but is not limited to, configuration pages, data pages, log pages, and status pages. However, personal CSS, personal JavaScript, and personal JSON are automatically protected and should not be protected for this reason.

Note that the intrapage links will omit the page name if this is added to the policy. Daniel Quinlan (talk) 00:01, 10 November 2024 (UTC)[reply]

I updated the proposed text slightly to remove Similar to templates which is unnecessary and I also updated the proposed location since it doesn't really fit in the Protection by namespace section. Most of the protections for this reason are in User space, but some are in Wikipedia space, Module space, and Template space. Daniel Quinlan (talk) 22:50, 18 November 2024 (UTC)[reply]

I went ahead and added the section with some minor rewording, and with one significant change: I added principally as an additional restriction to ensure this doesn't extend to cases where software happens to use a page (e.g., protecting Wikipedia:Arbitration Committee because a user script extracts the list of ArbCom members would not be covered).

If anyone has comments or concerns about this change to encode common practice in policy, please let me know. Thanks. Daniel Quinlan (talk) 20:12, 22 November 2024 (UTC)[reply]

Moved from Wikipedia talk:High-risk templates

Are there any "very" high risk templates or modules which need full protection or is template protection adequate? The guideline Wikipedia:High-risk templates is not clear on this matter, and there is an ongoing discussion about the protection of Module:WikiProject banner — Martin (MSGJ · talk) 20:52, 6 December 2024 (UTC)[reply]

Of course there are, and they mostly already are. Ones used on 10's of millions of pages which could cause severe disruption are good candidates, as are many that are part of the system interface. The FPROT request queue is seldom backlogged and serves as an effective check against protection. The policy (Wikipedia:Protection_policy#High-risk pages and templates) already makes allowances for this. If guideline text is outdated, it's a wiki..... — xaosflux ^Talk 21:24, 6 December 2024 (UTC)[reply]

In other policy, Wikipedia:Template editor makes passing mention of full protection. It's probably also worth re-reading the RfC, which talks about 'temporary', 'extraordinary', 'thousands of transclusions', and other things. -- zzuuzz ^(talk) 21:35, 6 December 2024 (UTC)[reply]

I think the 2013 RfC highlights the argument in favor of allowing template editors to edit many or all of the FPROT templates:

While full protection is an ideal temporary solution for articles that have demonstrated a state of overwhelming controversy, it is less ideal as a permanent precautionary measure for templates. Many editors who have shown an aptitude for coding templates, and have earned the trust of the community in doing their work, may not necessarily be administrators, nor even be interested in becoming administrators.

Non-administrators do have the ability to request edits at fully-protected templates for administrators to enact on their behalf, but there is a significant shortage of administrators who have the time and necessary skills to do this reliably. Coders also tend to find this extra step more than a mere annoyance: Technical work is largely rewarding to technically-minded people in that they value the hands-on experience. Many end up choosing to avoid having to verbalize uncontroversial edit requests made to convince someone else to enact an edit on their behalf, by simply avoiding work on fully-protected templates altogether.

I think WP will be better off letting template editors work on FPROT templates. If there are template editors who have lost the trust of the community, the right answer is to remove their template editor rights, rather than FPROT the templates they work on. (Bias alert: I am an template editor). — hike395 (talk) 06:36, 8 December 2024 (UTC)[reply]

I am of two minds on this one. I am a very experienced template editor, and I mostly know my limits. When I have doubts about my ability to successfully implement an edit, I test it in the sandbox, ask on the talk page or VPT, or both. Every once in a while, the Dunning-Kruger effect kicks in, and I do not have doubts but get something wrong. If I see the problem, I either quickly revert or quickly fix the problem. About once a year, I am dunned by other template editors and admins for such behavior, but nothing ventured, nothing gained, I figure. Template editors fix a lot of stuff around here.

A few times per year, I encounter a fully protected template or other transcluded page that I can't edit, so I put the edit in the sandbox and put in an edit request on the template's page, with a full explanation of the esoteric change that I am requesting. Admins have always gotten to these requests within a couple of days, IIRC. About half the time, a sensible admin will lower the page's protection to template protection because it no longer meets the FP requirements.

About the same number of times per year, I encounter some nice-to-have fix that I want to make to an FP page, but I don't bother with an edit request because it seems trivial. That, to me, is the only downside to denying FP template editing to template editors. Overall, I'd say that I can live with this inconvenience for the tradeoff of protecting these pages against template editors who are less careful than I am; there have been a few of them over the years. – Jonesey95 (talk) 04:52, 9 December 2024 (UTC)[reply]

Pulling a random number out of the air, but anything with >1 mil transclusions probably should be FPROT, if only as a final check to make sure folks are really paying attention to what they are doing. Raising the protection on a template because one template editor made mistakes one time seems a bit overkill, and a word to said template editor would probably be more effective, especially as it would leave a (digital) paper trail for if those sorts of things were a regular occurrence. The above being said, I have no issue with having TPER on pages with >1mil transclusions if they're fairly static or there's a TPE that has demonstrated they can update the template properly (i.e. sandboxing first, etc). Primefac (talk) 15:14, 9 December 2024 (UTC)[reply]

According to Wikipedia:Database reports/Templates transcluded on the most pages, there are just 198 template and module pages with 999K or more transclusions. Looking at the list, I see a lot of low-level, sometimes intricately used, tools that I (a template editor) wouldn't dare mess with without a discussion, along with some pretty simple templates that should not need frequent maintenance. Heck, I even created one of them, {{Short description/lowercasecheck}}, but now that it is used in six million pages, I wouldn't like to see template editors monkeying with it casually. I don't see a problem with one million as a threshold for automatic FP. – Jonesey95 (talk) 06:23, 12 December 2024 (UTC)[reply]

Under WP:FULL, the protection policy includes Pages that are transcluded very frequently on the list of pages that are usually fully protected for an indefinite period of time. That seems pretty clear. It might be worth having a report somewhere for pages with more than one million transclusions that aren't fully protected, though. Daniel Quinlan (talk) 08:14, 12 December 2024 (UTC)[reply]