I run a marketing site that's starting to attract a lot of bot traffic, particularly from the Netherlands, even though it's meant for the US market. I'm considering implementing Cloudflare's Turnstile at the front of the site, similar to what I've seen on other marketing sites, especially since I promote it through Google Ads. Would that be a good idea?
4 Answers
As someone working in bot detection for over a decade, I can say that Cloudflare catches pretty basic bots and offers DDoS protection. However, if you're looking to tackle more advanced issues, like click fraud, it won’t be very effective.
You should use Cloudflare's WAF to set up custom rules that challenge traffic from countries you don’t serve. For example, you could implement a rule that triggers a challenge for any traffic not originating from the US. This can significantly reduce the bot traffic from the Netherlands without bothering genuine users. Keep Turnstile for specific areas like forms.
I wouldn’t recommend putting Turnstile on the whole site. It could really hurt your conversion rates and make your ads seem untrustworthy. The better approach is to secure areas that are prone to bot attacks, like forms, logins, and checkouts. For those random visitors from the Netherlands, consider using Cloudflare's Web Application Firewall (WAF) and setting up bot rules to rate limit or challenge only the suspicious traffic.
Got it!
Yeah, exactly! WAF rules are perfect for situations like this. Just create a managed challenge rule for traffic not from the US, and save Turnstile for those areas that really need it, like forms.

Exactly. This way, you’re just challenging the bad traffic, while allowing real users through.
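
For the forms the answers suggest protecting with Turnstile: the widget only filters bots if the form handler validates the submitted token against Cloudflare's siteverify endpoint before acting on the submission. The sketch below is an added example, not code from anyone in the thread; `verify_turnstile`, the injectable `post` parameter, and the expected hostname/action values are assumptions chosen for illustration.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify"


def _post_form(url, fields, timeout=5):
    """POST form-encoded fields and return the decoded JSON body."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
        return json.load(resp)


def verify_turnstile(form, secret, expected_hostname, expected_action=None,
                     remote_ip=None, post=_post_form):
    """Return (ok, reason) for a submitted form; fails closed on any error.

    `form` is the parsed POST body. `expected_hostname` and `expected_action`
    are values you pick for your own site and widget (assumptions here).
    `post` is injectable so the check can be exercised offline.
    """
    token = form.get("cf-turnstile-response", "")
    if not token or len(token) > 2048:
        return False, "missing-or-oversized-token"
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    try:
        result = post(SITEVERIFY_URL, fields)
    except (OSError, ValueError):
        # Network or JSON failure: reject rather than accept unverified input.
        return False, "siteverify-unreachable"
    if not isinstance(result, dict):
        return False, "malformed-response"
    if not result.get("success"):
        return False, ",".join(result.get("error-codes", [])) or "rejected"
    # A token solved on another site or widget must not unlock this form.
    if result.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    if expected_action and result.get("action") != expected_action:
        return False, "action-mismatch"
    return True, "ok"
```

Logging the returned reason per submission gives a rough count of how much automated traffic reaches the form after the WAF challenge rule.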