Mike521w So this is what I came up with: The JS contains everything you need to interact with the module. You no longer need to make any modification or entries to the pages themselves. There is a small section at the top of the JS that defines your settings. Settings are API endpoint, site key, and desired action watch list that can either be every default action OR just the same actions that you define in the module. The JS loads the API into memory on page load. Then it scans the page for those Miva hidden action value = "LOGN" (or which ever) inputs that are in the forms. It compares what it finds on the page to the list of monitored actions placed at the top of the JS file. It then creates the hidden input entry for the token that would normally be manually entered into the HTML. Then it attaches an event to the submit action of the form, interrupts the default submit, sends and waits for the token, and then programmatically "submits" the form.

When you add the JS to the Miva resources, you have to enable it for every page you want the JS to run on. I guess you could leave it global, but I chose not to. You also need to select the Resource Group for the JS to be in the head_tag.

Seems to work well so far!

Ours is done FWIW and will be available on Monday.

Rick Wilson Thanks!! I will definitely check it out.

I wonder if we need to move or start this thread up in the Miva 10 forum - so as not to confuse those who might be looking for an MM10 solution. This thread has been going on since 2019.

Just recently had this issue mostly solved with a client. Generally, fake accounts were being created and accounts were being password tested. The solution turned out to be Cloudflare DNS. The free version was all that was needed to have a secure DNS. CF seems to do a good job of keeping out the bad bots, etc.

Scott