i saw Cloudflare is requiring Google captcha (recaptcha) when it detect suspicious visitor on my site.
and when i have my site added and protected by CF, then in the Dashboard / Page Rules, i can add new rule for my registration page:
and set all visitors to be treated in "I'm Under Attack" mode which means they will likely be asked for recaptcha i think?
+ i enabled "Browser Integrity Check" for that registration URL

Hopefuly it will reduce SPAM bots