|This page in a nutshell: Interface administrators are highly trusted users able to edit all CSS/JS/JSON pages, gadgets, and MediaWiki messages.|
The ability to edit CSS/JS that is executed in other users' browsers is very powerful and extremely dangerous in the hands of a malicious user; interface administrators should be users who are highly trusted, have at least a basic understanding of CSS and JS, are aware of the privacy expectations of Wikimedia wikis, and have a decent understanding of how to secure their account (choosing strong and unique passwords, avoiding malware infection, and preferably using two-factor authentication). The WMF Office requires all interface administrators to use two-factor authentication.
There are currently 15 interface administrators. If you need assistance from an interface administrator, you can make a request at the Interface administrators' noticeboard. Note there is a similiar global group, who may use their access subject to the global rights policy.
Process for requesting
- Venue: Wikipedia:Bureaucrats' noticeboard
- Process: Admin makes a request, with a rationale, at the bureaucrats’ noticeboard, to request interface administrator access. The request will remain open for 48 hours for first-time requests. Re-admin requests, not under a cloud, will not have a waiting period. No notice at other noticeboards is required. Bureaucrats may inquire about why admins are requesting access at their discretion. Editors may discuss the applicant, but the final decision rests with the reviewing bureaucrat.
- Duration of right: Permanent by default, can be temporary if requested.
Removal of permissions
Permission should be removed by bureaucrats in the following circumstances:
- Interface administrators who have made no edits or other logged action for at least 2 months or who have made no edits using the permission for at least 6 months should have the user right removed.
- Voluntary request by the interface administrator at the bureaucrats' noticeboard.
- After misuse of the access by consensus (e.g. at Wikipedia:Administrators' noticeboard).
- Upon removal of administrator access, for any reason.
- By request of the Arbitration Committee.
Any bot operator requesting access for their bot(s) must possess the user right permanently themselves.
All bot operators are urged to enable 2FA for their bot accounts, use OAuth, and create a strong account password for maximum security. Bureaucrats, and BAG, may ask bot operators to enforce these security measures at their discretion.
- Sitewide pages, such as MediaWiki:Common.js or MediaWiki:Vector.css, or the gadget pages listed on Special:Gadgets, and other user's subpages
- Any administrator can edit other pages in the MediaWiki namespace and all JSON pages.
- All registered users may edit their own personal js/css/json pages as used by Wikipedia:User scripts.
- WMF 2FA requirement as published on metawiki.
- Limited to administrators in this September 2018 RfC
- Limited to administrators in this October 2018 RfC
- This process was approved in this RfC.