Advanced Spam Protection

Configure advanced bot protection methods

Available Protection Methods

reCAPTCHA

Google's solution

Get Keys →

hCAPTCHA

Privacy-focused

Get Keys →

Cloudflare

CDN-integrated

Get Keys →

Built-in

Automatic detection

No setup required

Which service should you choose?

reCAPTCHA

Best for: Universal recognition, high security

  • • Most widely recognized
  • • Strong bot detection
  • • Google's machine learning
  • • Good for high-traffic sites

hCAPTCHA

Best for: Privacy compliance, EU businesses

  • • GDPR compliant
  • • No Google data sharing
  • • Customizable themes
  • • Site owner monetization

Cloudflare

Best for: Enterprise scale, CDN integration

  • • Invisible challenges
  • • Global CDN performance
  • • Enterprise features
  • • Bot Fight Mode integration

Built-in

Best for: Quick setup, basic protection

  • • No external dependencies
  • • Automatic detection
  • • No API keys needed
  • • Good for testing
1

Google reCAPTCHA

Industry-standard bot protection trusted by millions

🔑 Get Your reCAPTCHA Keys

Set up your Google reCAPTCHA account and get your API keys in under 5 minutes.

Step-by-Step Setup:

1

Visit Google reCAPTCHA

Go to recaptcha.google.com

2

Register your site

Click "Create" and enter your domain

For testing: Add localhost and 127.0.0.1 to allowed domains
3

Choose your type

Select v2 ("I'm not a robot") or v3 (invisible)

4

Copy your keys

Save your Site Key and Secret Key

✨ Key Features:

  • v2: "I'm not a robot" checkbox
  • v3: Invisible scoring (0-1)
  • Machine learning detection
  • Global threat analysis
Pro Tip

Use v3 for better UX (invisible), but v2 for higher security. Start with v3 and adjust based on your needs.

⚙️ Configure in MFC Dashboard

Settings → Spam Protection

Navigate to spam settings

Enter your keys

Site Key and Secret Key from Google

Set threshold (v3 only)

Recommended: 0.5 for balance

Save & Test

Submit a test form to verify

✅ Testing Checklist

reCAPTCHA widget appears on forms
Legitimate submissions pass
Blocked submissions are logged
Analytics show detection rates

Implementation Tips

  • Use v3 for invisible protection
  • Use v2 for higher security requirements
  • Test thoroughly before going live
2

Cloudflare Turnstile

Enterprise-grade protection with invisible challenges

🚀 Get Started with Turnstile

Cloudflare's privacy-first CAPTCHA alternative with invisible challenges and high accuracy.

Quick Setup (5 minutes):

1

Login to Cloudflare

Go to dash.cloudflare.com

2

Create Turnstile site

Turnstile → Add Site → Enter domain

For testing: Add localhost and 127.0.0.1 to allowed domains
3

Choose widget type

Managed (invisible) or Non-interactive

4

Copy API keys

Save Site Key and Secret Key

✨ Key Features:

  • Invisible challenges (no user friction)
  • Privacy-first approach
  • Global CDN for fast loading
  • Advanced threat intelligence

🛡️ Bonus: Bot Fight Mode

Enable additional protection in Cloudflare:

Security → Bots → Enable Bot Fight Mode
Configure challenge sensitivity
Set up rate limiting rules

⚙️ Connect to MFC Dashboard

Settings → Spam Protection

Select Cloudflare Turnstile

Paste your keys

Site Key and Secret Key from Cloudflare

Choose widget mode

Managed (recommended) or Non-interactive

Save & Test

Submit form to verify protection

Implementation Tips

  • Use "Managed" mode for invisible protection
  • Combine with Bot Fight Mode for enhanced security
  • Monitor analytics to adjust sensitivity
Best Practices
  • • Use "Managed" mode for invisible protection
  • • Combine with Bot Fight Mode for enhanced security
  • • Monitor analytics to adjust sensitivity
  • • Ideal for high-traffic websites
3

hCAPTCHA

Privacy-first protection that respects user data

🔐 Privacy-Focused Protection

hCAPTCHA offers GDPR-compliant bot protection without compromising user privacy.

Quick Setup (5 minutes):

1

Visit hCAPTCHA Dashboard

Go to hcaptcha.com/signup

2

Create account/site

Sign up and register your domain

For testing: Add localhost and 127.0.0.1 to allowed domains
3

Choose challenge type

Checkbox or Invisible mode

4

Copy your keys

Save Site Key and Secret Key

✨ Key Features:

  • GDPR compliant & privacy-focused
  • No data sharing with Google
  • Site owner monetization options
  • Customizable themes & branding
  • Advanced analytics dashboard
Pro Tip

Perfect for EU businesses or sites with strict privacy requirements. Offers monetization for site owners.

⚙️ Configure in MFC Dashboard

Settings → Spam Protection

Select hCAPTCHA as protection method

Enter your API keys

Site Key and Secret Key from hCAPTCHA

Customize appearance

Choose theme and size options

Save & Test

Submit form to verify protection

Implementation Tips

  • Perfect for EU businesses with GDPR requirements
  • Configure themes to match your site design
  • Test thoroughly across different devices

Additional Features

  • Customizable challenge themes
  • Advanced analytics and reporting
  • Multiple integration options
4

Advanced Configuration

Fine-tune your protection with custom settings and monitoring

⚙️ Custom Scoring & Thresholds

Fine-tune your spam detection with custom thresholds and weighted scoring.

📊 Smart Scoring System

reCAPTCHA v3 Score
40% weight
hCAPTCHA Score
35% weight
MFC Detection
25% weight
Final Threshold 70+ points = Block

Quick Configuration (3 minutes):

1
Go to Settings → Advanced Spam Settings
2
Set custom thresholds for each service
3
Adjust weights based on your needs
4
Test and monitor results

✨ Advanced Benefits:

  • Custom thresholds for each service
  • Weighted scoring across multiple methods
  • Industry-specific sensitivity tuning
  • Real-time performance optimization

📈 Real-Time Monitoring

Track your spam protection effectiveness with detailed analytics:

Detection Rates

Blocked vs. allowed submissions

False Positive Reports

Legitimate users incorrectly blocked

Alert Thresholds

Email alerts for unusual patterns

Export Reports

CSV/PDF exports for compliance

🔧 Common Issues & Solutions

CAPTCHA Not Appearing
  • • Verify API keys are correct
  • • Check domain whitelisting
  • • Clear browser cache
  • • Check console for JavaScript errors
Too Many False Positives
  • • Lower score thresholds
  • • Whitelist trusted IP ranges
  • • Use multiple detection methods
  • • Adjust sensitivity settings
Performance Issues
  • • Enable lazy loading
  • • Use CDN for faster loading
  • • Monitor API response times
  • • Consider invisible challenges
Pro Tips
  • • Start with default thresholds, then customize
  • • Monitor for 1-2 weeks before major adjustments
  • • Use A/B testing for different settings
  • • Document your configuration for team reference

💡 Advanced Spam Protection FAQ

🛡️ Which method should I choose?

reCAPTCHA for universal recognition, hCAPTCHA for privacy compliance, Cloudflare for enterprise scale, or MFC built-in for simplicity.

🔄 Can I use multiple services?

Yes! Layer multiple protections for maximum security. MFC combines results using weighted scoring for optimal detection.

⚖️ How do I handle false positives?

Lower thresholds, whitelist trusted IPs, use multiple detection methods, and monitor analytics to fine-tune sensitivity.

📊 How do I monitor effectiveness?

Check your dashboard for detection rates, review blocked vs. allowed submissions, and export reports for compliance auditing.

⚡ What's reCAPTCHA v2 vs v3?

v2 shows "I'm not a robot" checkbox for higher security. v3 is invisible with risk scoring (0-1) for better user experience.

Can I customize hCAPTCHA appearance?

Yes, hCAPTCHA offers customizable themes and styling options to match your website design.

🚀 Can I change methods later?

Absolutely! Switch between protection methods anytime in your dashboard. Your settings are preserved and easily adjustable.

📱 Does it work on mobile?

Yes! All methods are mobile-optimized. reCAPTCHA v3 and Turnstile work seamlessly on all devices without user interaction.

Need Help?

Contact our support team for assistance

Contact Support Email Support

Need Help?

Our support team is here to help you with your integration.

Contact Support