Site Domains
This is to define the website(s) MTCaptcha will be used in production (end user facing).
Examples:
Development & Test Env Domains
This is to define the website(s) MTCaptcha will be used for development and testing.
To insure MTCaptcha can correctly profile and protect your site against bots and abuse while minimizing friction to real human users, it is important to correctly identify Production and Development domains in site settings.
Enable Low Friction Fuzzy Match
MTCaptcha will sometimes allow successful captcha verification with one (single) incorrect character match. This ‘fuzzy match’ will only happen when the MTCaptcha Risk Engine deems the risk to be very low.
Statistically this feature improves first time pass rate to over 95% for real humans while still making it very difficult for bots.
This feature can be enabled or disabled by toggling the flag for ‘Enable Low Friction Fuzzy Match’ in Site Settings.
Captcha Text Length (Characters)
By default MTCaptcha uses minimum of 4 characters and maximum of 8 characters in its image captcha, serving shorter or longer captcha’s based on calculated risk.
If an easier or more difficult captcha is wanted, this range can be customized to a minimum of 3 characters to a maximum of 10 characters.
Note: for the Modern Mini form factor the maximum supported characters is 8.
Enable JavaScript Config Captcha Text Length
This flag is to enable customization of captcha character size at browser render time using javascript. This is useful when the website has its own risk estimation and want to set captcha difficulty programmatically.
For full documentation on how to use this securely please see Developers Guide - Customize Captcha Text Length.
Enable Low Friction Invisible Captcha
This flag is to enable Low Friction Invisible Captcha.
Once enabled, the captcha will be invisible for most users, and will only be shown when some level of risk is calculated by MTCaptcha’s Risk Engine.
For more information see our
Make sure to disable the widget loading animation when invisible captcha is enabled. To disable the loading animation use the ‘loadAnimation’ javascript config param:
var mtcaptchaConfig = {
...
"loadAnimation": "false"
};
Disable Powered by Mtcaptcha
The ‘Powered By MTCaptcha’ message in the widget can be disabled by setting this flag.
Enable Threat Spect
The MTCaptcha Threat SPECT provides insight and actionable risk profile of each visitor.
Additional risk info will be returned in the CheckToken API, and threat analytics will be enabled in the Admin Dashboard.
See Developers Guide - Threat SPECT for complete description of this feature.
Sample Threat SPECT dashboard
Disable Mtcaptcha Privacy & Terms
The ‘Privacy & Terms’ link on the widget can be disabled by setting this flag.
Note: For best privacy compliance, it is recommended the hosting sites own Privacy and Terms be updated to include MTCaptcha before this is disabled.
Enable Ip Whitelist Invisible Captcha
This flag is to enable IP Whitelist Invisible Captcha.
Once enabled, the captcha will be invisible for users visiting from IPs within the whitelist.