Introducing Enhanced Anti-Spam and Bot Protection with Cloudflare WAF and Turnstile

September 6, 2024

At Inspry, we are dedicated to ensuring the highest levels of security and performance for our clients’ WordPress websites. With the growing sophistication of spammers, bots, and AI scrapers, we’ve recently introduced more advanced measures to safeguard your sites from unwanted traffic and fake users. These new protections are designed to prevent malicious activities while improving overall website security without negatively affecting the user experience.

For clients already using Cloudflare, we’re pleased to announce the addition of new security enhancements, including custom Cloudflare Web Application Firewall (WAF) rules and Cloudflare Turnstile captchas. These upgrades are provided at no additional cost to our existing Managed WordPress Support customers. For clients not currently using Cloudflare, we encourage considering its benefits in the future, though these changes will not impact your current setup.

The Rising Threat of Spam and Bots

As online threats evolve, spammers and bots have become increasingly aggressive in targeting websites. These threats can take several forms, including:

  • Fake registrations: Bots and spammers create fake accounts in an attempt to access restricted content or send spam. This can result in thousands of fake user accounts within a short period of time, which often have to be removed manually.
  • Fraudulent orders: Often placed to test stolen credit card information, allowing scammers to verify the cards’ validity for larger unauthorized purchases. This often leads to thousands of fake, failed orders in the WooCommerce backend. While typically harmless, these orders can slow down the website and need to be cleaned up afterward.
  • AI-powered scrapers: Automated programs extract huge amounts of data from your site, consuming valuable resources and often repurposing your content without directing users to your site.

New Cloudflare WAF and Turnstile Protections

To address these growing threats, we’ve introduced the following security measures:

1. Cloudflare Custom Firewall and Security Rules

We’ve implemented custom rules within Cloudflare’s WAF to block unwanted traffic from AI scrapers, malicious bots, and other non-human visitors. Key benefits include:

  • Blocking AI bots: Automated tools attempting to scrape your content or conduct malicious actions are intercepted before they can access your site.
  • Reducing server load: Blocking unnecessary traffic at the firewall level preserves server resources, improving site performance for genuine users.
  • Preventing security breaches: Tailored rules allow us to specifically target the latest threats, ensuring ongoing protection for your site.

2. Cloudflare Turnstile Captchas for WordPress Forms

Spammers often target WordPress registration and login forms to create fake accounts or gain unauthorized access. To combat this, we’ve introduced Cloudflare Turnstile captchas on all WordPress registration and login forms for Cloudflare users. These captchas help ensure that only legitimate users can log in or create accounts, reducing spam registrations. Turnstile is more efficient than traditional captchas and typically doesn’t require any user interaction unless suspicious behavior is detected, allowing for a seamless user experience.

Upcoming Changes: Turnstile Captchas for WooCommerce and Other Forms

Looking ahead, we plan to extend these protections by adding Cloudflare Turnstile captchas to WooCommerce checkout and other WordPress forms that currently don’t utilize captchas.

Why Choose Cloudflare Turnstile?

While many are familiar with Google reCAPTCHA, it has been criticized for being intrusive and frustrating for legitimate users. Tasks like identifying hard-to-read text or selecting images can hurt the user experience and even lead to abandoned transactions. In contrast, Cloudflare Turnstile offers a far more user-friendly solution:

  • Non-intrusive: Turnstile operates in the background, avoiding the challenges that frustrate users.
  • AI-powered fraud detection: Turnstile uses AI to identify and block malicious traffic without hindering legitimate visitors.
  • No user interaction needed: Most users won’t even notice Turnstile, apart from a badge visible near the submit button. It silently verifies visitors as human without requiring any input.

[Image: A typical Turnstile badge; no user interaction is required in most cases]

What to Expect Next

The Cloudflare WAF and Turnstile captchas on registration and login forms are already live, so you may see the Cloudflare captcha badge on your site. While we don’t anticipate any issues, there may be edge cases where specific users experience problems. If you or your users encounter any issues, please reach out to us immediately so we can address them.

In the coming weeks, we’ll also roll out Turnstile captchas for WooCommerce order forms and other relevant WordPress forms. If your website is already using Cloudflare through Inspry, these updates will be applied automatically as part of our continuous security enhancements.

For clients not yet using Cloudflare, we highly recommend adopting these services to take advantage of these protections at no extra cost. Our team is available to guide you through the setup process and ensure your site is fully secure.

Protecting Your Website from Modern Threats

At Inspry, we remain dedicated to providing the best possible protection for your WordPress site as part of your monthly WordPress managed support. Our latest rollout of Cloudflare WAF and Turnstile ensures your website is protected from modern threats like AI bots, scrapers, and fraudulent orders, all while maintaining the best user experience possible.

If you have any questions or concerns about these changes, or if you encounter any issues, don’t hesitate to contact us. We look forward to continuing to provide cutting-edge security solutions for your WordPress website!

Matt Schwartz is an accomplished entrepreneur and technology expert based in Atlanta, Georgia. He is the founder and CEO of Inspry, a WordPress and WooCommerce web development and maintenance agency that has been providing cutting-edge technology solutions to clients since 2011. With over a decade of experience in the industry, Matt has become a respected figure in the web development community and has helped numerous businesses achieve their digital goals.