Bot Protection
To protect your Sign Ups from Bots, Clerk leverages data from our CDN to determine whether a user attempting to sign up might be a bot or not.
Clerk offers two captcha widget display modes:
- Smart: The captcha widget will only be shown if the client is suspected to be a bot
- Invisible: No captcha widget will be displayed, even if the client is suspected to be a bot
When set to Smart, users suspected of being a bot will be shown a interactive challenge (like clicking a checkbox), in an attempt to verify they are human. When set to Invisible, users suspected of being a bot will not be allowed to sign up, and are shown an error message instructing them to reach out to your configured support email address.
To configure Bot Protection for your Sign Ups, head to the Attack Protection section of the Clerk Dashboard.
Limitations
- Bot Protection Captcha only supports web environments. Native environments are not supported yet, except if they are using a WebView.
- If you are re-implementing Sign Ups with a Custom Flow and have activated the Smart widget, then you need to ensure you have added a DOM node for the visible challenge. Refer to the Custom Flow guide for more information.