I noticed Recapcha v3 makes the site slow.
Can Superbotffight mode prevent spam comment and spam form submissions in Wordpress?
Will i need ReCapcha any more ?
Super Bot Fight Mode will stop comment spam if automated but will not stop it if made by humans.
Also Super Bot Fight Mode is very restrictive and ANY automated or likely automated traffic might get blocked, including RSS readers, Feedburner, website status monitoring, APIs.
Now i know why my webstie showed downtimes
I better avoid it now then, seems like this will need more time
Cloudflare should not be used as a replacement for ReCaptcha under any sort of form submission, doing so involves severe security issues.
Why? Could you please elaborate ?
For starters, the captcha that we have from hcaptcha is fairly weak in the sense that anybody with a certain number of labeled data could solve it without much cost (this is no different than ReCaptcha, but the lack of client-sided strength of hcaptcha makes it weaker).
This is different if you have enterprise hcaptcha and you have access to their more secure version, the bounding box challenge, for example, makes ML attacks a bit more expensive for the attacker. My TL;DR is that unless you are an enterprise customer, you are better off with Recaptcha.
Ultimately, by relying on the challenge given by Cloudflare, you allow the attackers to solve only 1 challenge every x time, making any sort of attack cheap. If you ask the visitor to solve a challenge on every form submission, the attack becomes more expensive whether you rely on hcaptcha or Recaptcha.
Current captchas don’t stop bots, they slow them down (Speaking obviously of “smarter” bots, anybody can stop dummy bots).
The current ideal approach is to make a captcha human-friendly and cheap enough for you, so that the cost that an attack towards your site has is more expensive than it is to protect it.