website/content/docs/webmasters/configuring-difficulty-factor/index.md

---
title: "Configuring Difficulty Factor"
description: "mCaptcha has options to configure its proof of work engine
behavior, this page explains how to determine difficulty facotrs that
work best for your website!"
lead: ""
date: 2022-06-22
lastmod: 2021-06-22 20:17
draft: false
images: []
menu:
  docs:
    parent: "Webmasters"
weight: 512
toc: true
---

mCaptcha is highly responsive to detecting DDoS attacks. Admins are
advised to take advantage of it by setting low [difficulty
factors](/docs/terminology/difficulty-factor/) for normal traffic levels
for their website.

**Lowest advisable difficulty factor is 5000.**

For instance, if it is normal for my website to get 2000 requests for
every 30 seconds, I will set a [cool
down](/docs/terminology/cooldown-period) period of 30 seconds and the
first level of difficulty configuration will have a [visitor threshold](/docs/terminology/visitor-threshold) of 2000 with a
difficulty factor of 5000.

There are two modes to setting difficulty factor for your website on
mCaptcha:

### Easy option

Easy mode asks a few basic statistics about your website and generates a
configuration that should work for your website. Currently, easy mode is
guided by assumptions on suitable difficulty factors to protect a
website but it will be fine-tuned as mCaptcha sees more deployment.

Configuration generated by easy mode can be tweaked later using the
advance mode, as you become more familiar with how mCaptcha works.

{{% img src="new-sitekey-easy-mode.png" alt="new sitekey form in easy mode" %}}

### Advance option

Advance mode gives the admin granular control over how mCaptcha behaves
on their website. It has options to set the difficulty factor for each
level of traffic(or visitor threshold, in mCaptcha speak), fully taking
advantage of mCaptcha's variable difficulty factor feature.

For instance, if it is normal for a website to get 200 requests over 30
seconds, then setting a very low difficulty factor for a visitor
threshold of 200 and a cool down period of 30 seconds will allow the
users to pass through without waiting on the CAPTCHA. But if 1000
requests over 30 seconds will bring down the service, then the admin can
configure increasing levels of difficulty factor of increasing traffic
levels, effectively rate limiting its users and protecting the
underlying website.

{{% img src="new-sitekey-adv-mode.png" alt="new sitekey form in advance mode" %}}
feat: add configuring site key guide 2022-08-01 22:25:46 +05:30			`---`
			`title: "Configuring Difficulty Factor"`
			`description: "mCaptcha has options to configure its proof of work engine`
			`behavior, this page explains how to determine difficulty facotrs that`
			`work best for your website!"`
			`lead: ""`
			`date: 2022-06-22`
			`lastmod: 2021-06-22 20:17`
			`draft: false`
			`images: []`
			`menu:`
			`docs:`
chore: refactor 2023-10-27 21:39:40 +05:30			`parent: "Webmasters"`
feat: add configuring site key guide 2022-08-01 22:25:46 +05:30			`weight: 512`
			`toc: true`
			`---`

			`mCaptcha is highly responsive to detecting DDoS attacks. Admins are`
			`advised to take advantage of it by setting low [difficulty`
fix: broken links from relative URLs 2022-08-01 23:03:44 +05:30			`factors](/docs/terminology/difficulty-factor/) for normal traffic levels`
feat: add configuring site key guide 2022-08-01 22:25:46 +05:30			`for their website.`

			`Lowest advisable difficulty factor is 5000.`

			`For instance, if it is normal for my website to get 2000 requests for`
			`every 30 seconds, I will set a [cool`
fix: broken links from relative URLs 2022-08-01 23:03:44 +05:30			`down](/docs/terminology/cooldown-period) period of 30 seconds and the`
			`first level of difficulty configuration will have a [visitor threshold](/docs/terminology/visitor-threshold) of 2000 with a`
feat: add configuring site key guide 2022-08-01 22:25:46 +05:30			`difficulty factor of 5000.`

			`There are two modes to setting difficulty factor for your website on`
			`mCaptcha:`

			`### Easy option`

			`Easy mode asks a few basic statistics about your website and generates a`
			`configuration that should work for your website. Currently, easy mode is`
			`guided by assumptions on suitable difficulty factors to protect a`
			`website but it will be fine-tuned as mCaptcha sees more deployment.`

			`Configuration generated by easy mode can be tweaked later using the`
			`advance mode, as you become more familiar with how mCaptcha works.`

			`{{% img src="new-sitekey-easy-mode.png" alt="new sitekey form in easy mode" %}}`

			`### Advance option`

			`Advance mode gives the admin granular control over how mCaptcha behaves`
			`on their website. It has options to set the difficulty factor for each`
			`level of traffic(or visitor threshold, in mCaptcha speak), fully taking`
			`advantage of mCaptcha's variable difficulty factor feature.`

			`For instance, if it is normal for a website to get 200 requests over 30`
			`seconds, then setting a very low difficulty factor for a visitor`
			`threshold of 200 and a cool down period of 30 seconds will allow the`
			`users to pass through without waiting on the CAPTCHA. But if 1000`
			`requests over 30 seconds will bring down the service, then the admin can`
			`configure increasing levels of difficulty factor of increasing traffic`
			`levels, effectively rate limiting its users and protecting the`
			`underlying website.`

			`{{% img src="new-sitekey-adv-mode.png" alt="new sitekey form in advance mode" %}}`