Skip to main content
Docs

Bot protection

To protect your sign-ups from bots, Clerk leverages data from our CDN to determine whether a user attempting to sign up might be a bot or not.

Enable bot sign-up protection

  1. In the Clerk Dashboard, navigate to the Attack protection page.
  2. Enable the Bot sign-up protection toggle.
    • When enabled, users suspected of being a bot will be shown an interactive challenge (like clicking a checkbox) to verify they are human. The CAPTCHA widget will only be shown if the client is suspected to be a bot.

Warning

If your application previously had the Invisible CAPTCHA type selected, it's highly recommended to switch to the Smart option, as the Invisible option is deprecated. For newer applications, CAPTCHA type options are no longer shown in the Dashboard. Bot protection uses the Smart option by default and is enabled by turning on the Bot sign-up protection toggle only.

Limitations

  • Clerk uses Cloudflare for bot detection, which isn't supported in non-browser environments (e.g. Expo, Chrome Extension). If you're using any of these SDKs, disable bot protection from the Clerk Dashboard.
  • If you're building a custom sign-up flow using the Clerk API instead of using Clerk components, and you have enabled Bot sign-up protection, then you need to ensure you have added a DOM node to render the CAPTCHA widget. Refer to the Add bot protection to your custom sign-up flow guide for more information.

Feedback

What did you think of this content?

Last updated on

GitHubEdit on GitHub