We're seeing a lot of spam account creation on Wiki's. https://phabricator.wikimedia.org/T327176 taught us that they're somehow getting around the Captcha that's already in place, and we thus identified the need for an additional security layer to make it harder for spammers to get around.
We want to introduce Query, see: https://www.mediawiki.org/wiki/Extension:QuestyCaptcha, in addition to the existing Captcha.
Our bet is that this is a more effective solution than either ReCaptcha or HCaptcha, since it requires a set of questions and answers that can only be answered by legit users.
AC:
- Use Questy in combination with ConfirmEdit as a Captcha for Mediawiki
- Should be easily manageable by Wiki admins in the Wikibase.cloud dashboard UI (collab with Charlie on this)
- Should be turned off by default
- Wiki admins should be able toggle whether they want to enable/disable Questy