Docs

Bot protection

To protect your sign-ups from bots, Clerk leverages data from our CDN to determine whether a user attempting to sign up might be a bot or not.

Enable bot sign-up protection

  1. Navigate to the Clerk Dashboard.
  2. Go to User & Authentication > Attack Protection in the sidebar menu.
  3. In the Bot sign-up protection section, enable the feature and choose the CAPTCHA type you want to use:
    • Smart: The CAPTCHA widget will only be shown if the client is suspected to be a bot. Users suspected of being a bot will be shown a interactive challenge (like clicking a checkbox), in an attempt to verify they are human.
    • Invisible: Bot traffic will be automatically blocked. No CAPTCHA widget will be displayed. Users suspected of being a bot will not be allowed to sign up, and are shown an error message instructing them to reach out to your configured support email address.

Limitations

  • Clerk's Expo SDK does not support Bot sign-up protection yet.
  • If you're building a custom sign-up flow using Clerk's API, instead of using Clerk components, and you have enabled Bot sign-up protection, then you need to ensure you have added a DOM node to render the CAPTCHA widget. Refer to the Add bot protection to your custom sign-up flow guide for more information.

Feedback

What did you think of this content?
Edit this page on GitHub