You should only change the block which is located between
/* settings */
/* -settings */
All other code is not related to settings. $enableCaptcha is not a setting, leave it ONLY to FALSE!
$checkEachRequest is a very strong mode which makes the forum mostly not comfortable in posting. It actually resets session's value each time when it was being "used".
It would be required only for some kind of temporary action while you search for a solution of how to prevent your forum from this or that. Leave it to FALSE.
For registered users, in most cases, it's enough to have
I guess spammers are too lazy to post 20 useful messages to gain the Captcha barrier released. So in most cases it could work.
If it doesn't work, there are other ways like you already started to discuss here.