I thought cloudflare provided their own captcha and bot protection. It would be really hard to defend against targeted attack tbh.
I'll also look into this thanks. My thoughts are its likely a blunt instrument - perhaps i could set it to block a country of origin but it would affect every valid user from that country and they would need to do the captcha regularly
I thought Cloudflare had an 'Under Attack' mode.
I think you can specifically target the Registration page only.
Thanks for the suggestion and i'll look into it. Not sure if 1 registration every minute will count as under attack and could end up blocking valid registrations. But if i can restrict it to the registration page only then this could work well if the user has to a captcha to proceed
edit:
actually this could be a great suggestion - thanks bee-liever. I'll do some more research but this could be the way to go