# Bot protection

To protect your sign-ups from bots, Clerk leverages data from our CDN to determine whether a user attempting to sign up might be a bot or not.

## Enable bot sign-up protection

1. In the Clerk Dashboard, navigate to the [**Attack protection**](https://dashboard.clerk.com/~/protect/attack-protection) page.
2. Enable the **Bot sign-up protection** toggle.
   - When enabled, users suspected of being a bot will be shown an interactive challenge (like clicking a checkbox) to verify they are human. The CAPTCHA widget will only be shown if the client is suspected to be a bot.

> If your application previously had the **Invisible** CAPTCHA type selected, it's highly recommended to switch to the **Smart** option, as the **Invisible** option is deprecated.
> For newer applications, CAPTCHA type options are no longer shown in the Dashboard. Bot protection uses the **Smart** option by default and is enabled by turning on the **Bot sign-up protection** toggle only.

## Limitations

- If you're building a custom sign-up flow using the Clerk API instead of using Clerk components, and you have enabled **Bot sign-up protection**, then you need to ensure you have added a DOM node to render the CAPTCHA widget. Refer to the [Add bot protection to your custom sign-up flow](https://clerk.com/docs/guides/development/custom-flows/authentication/bot-sign-up-protection.md) guide for more information.

---

## Sitemap

[Overview of all docs pages](https://clerk.com/docs/llms.txt)