[PREVIEW] forumify 1.1: New Spam Protection Features
By
jannes
,
Mar 22, 2026
Hi all!
With the platform's 1.1 release scheduled for next Sunday we're excited to share another set of improvements and QoL changes that will be added in the next update.
Enhanced Spam Protection
Anyone who's been on the internet for some time knows that it is filled with bots and malicious users. forumify 1.1 adds several new spam protection features.
Google reCAPTCHA configuration
So far our first line of defense on the login and registration pages was Google reCAPTCHA. In forumify 1.1 we will allow admins to configure the sensitivity of recaptcha by providing a value between 0 and 1. reCAPTCHA always sends back a value "how likely someone is to be human". Pre-1.1, this value was hardcoded to 0.8, which we found to be a good balance. Now we put that responsibility with site admins to lower it and accept more bot traffic at reduced false positives, or vice versa, stricter rules with more chance of false positives.
Cloudflare Turnstile
It's always nice to have options. Cloudflare Turnstile is another captcha service that has been gaining popularity in recent years, and I'm sure you've come across this box in the past. Turnstile offers a similar experience to reCAPTCHA. You can enable it instead of reCAPTCHA, or run both at the same time! (although we don't recommend the latter 😀)
Rate Limiting
The final cherry on the cake for the spam protection features is rate limiting. On forumify 1.0, if a malicious user were to get in, there's no way to stop them from posting hundreds of comments and spamming all of your users in the blink of an eye. Causing a massive headache and big cleanup operation by your admin team. Rate limiting will slow down attacks to a crawl. We've currently set default values that we think are appropriate for most communities, but for self-hosted communities these values can be overwritten. Super admins are also excluded from any rate limits.
Self-Hosted instances can change this values by creating a "rate_limiter.yaml" configuration:
framework:
rate_limiter:
forumify.message:
policy: 'sliding_window'
limit: 3
interval: '10 seconds'
forumify.comment:
policy: 'sliding_window'
limit: 3
interval: '10 seconds'
Plugin Developer Notes
Custom spam protection services can now be created and added to the platform by creating a class that implements SpamProtectionServiceInterface. You can take a look at TurnstileService or RecaptchaService for more information.
Closing Words
With these changes, it's always a challenge to find a good balance between not interrupting our real users, while making it hell for bots to get in. With the rising threat of AI and more advanced bots than ever before, we realize it's an uphill battle, and even platforms with huge mega corporations behind them struggle with keeping unwanted traffic out. We hope these features can help, and with some additional moderation tools we can keep our forums thriving with human interactions 😉