How to add Cloudflare Turnstile to WordPress Forms

If you’re looking to add an extra layer of security to your WordPress site, Cloudflare’s brand-new “Turnstile” service is a brand new user-friendly, privacy-preserving alternative to Google reCAPTCHA.

In this article, we’ll show you how to add Cloudflare Turnstile to your WordPress website forms, as well as WooCommerce, Contact Form 7, WPForms, Gravity Forms, MailChimp for WordPress, BuddyPress and more.

Get Your Cloudflare Keys

First, create a Cloudflare account at:

Once your account is created, visit the Cloudflare Dashboard, select “Turnstile” in the menu sidebar, and click “Add site”.

Cloudflare Turnstile - Dashboard

Next, you’ll be required to enter a site name, domain, and select the widget type.

  • Managed: Cloudflare will use information from the visitor to decide if an interactive challenge should be used. If we do show an interaction, the user will be prompted to check a box (no images or text to decipher).
  • Non-interactive: A purely non-interactive challenge. Users will see a widget with a loading bar while the browser challenge is run.
  • Invisible: Challenge that does not require interaction.
Cloudflare Turnstile - Add Site

Click the “Create” button, and you will be given a “Site Key”, and “Secret Key”. Keep this page open, as you will need to copy them later.

Install The WordPress Plugin

Now you will want to go ahead and install the “Simple Cloudflare Turnstile” plugin on your website.

To do this, go to “Plugins > Add New” in your WordPress admin area, then search for “Simple Cloudflare Turnstile”, click “Install”, and finally click the “Activate” button that shows once it’s installed.

Cloudflare Turnstile - Install WordPress Plugin

You will then be taken to the settings page for Simple Cloudflare Turnstile. Here you will be able to enter your Cloudflare Turnstile “Site Key” and “Site Secret”, and select which forms Turnstile will show on.

Cloudflare Turnstile - Settings

Whenever you update your “Site Key” or “Secret Key” you will be required to test the API response, to make sure everything is working OK. Simply complete the Turnstile challenge, and click “TEST API RESPONSE”.

Cloudflare Turnstile - Activate

Supported Integrations

You can currently enable Turnstile on the following forms:

  • WordPress Login Form
  • WordPress Registration Form
  • WordPress Password Reset Form
  • WordPress Comments Form
  • WooCommerce Checkout
  • WooCommerce Login Form
  • WooCommerce Registration Form
  • WooCommerce Password Reset Form
  • “Contact Form 7” Forms
  • “WPForms” Forms
  • “Gravity Forms” Forms
  • “Fluent Forms” Forms
  • “Elementor Pro” Forms
  • “Mailchimp for WordPress” Forms
  • “BuddyPress” Registration Form
  • “bbPress” Create Topic & Reply Forms
  • “wpDiscuz” Custom Comments Form

Example Screenshot

Here’s an example of what the Turnstile challenge will look like when enabled on your WordPress Login Form:

Cloudflare Turnstile Widget

Why is Turnstile better than reCAPTCHA?

There are two main ways in which Turnstile is better than reCAPTCHA. Firstly, it doesn’t require user interaction, meaning that users don’t have to solve a puzzle or click images, making the process much easier and user-friendly.

Secondly, it’s a big improvement in terms of privacy, since the data sent by reCAPTCHA to Google is used for ad targeting, while Cloudflare Turnstile claims they will “never harvest data for ad retargeting”.

To learn more about Cloudflare Turnstile, click here.

Notify of
Newest Most Voted
Inline Feedbacks
View all comments
28 days ago

Awesome to see that you turned (no pun intended) this out so quickly! Is there support to enable Turnstile on only select Gravity Forms?

code web softwareweb-programmingprogrammingbinary-dataprogramming-codeweb-1picturesearchpadlockideaemaildomaingoalgoal-1 online-shop televisioncomputermonitor cloud-computingcloud-computing-1statisticscodingdata computer-1collectivecontentlayoutshoppinghelp question technical-supportcustomer-supportsupportsiren bugspeedometerspeed performance speedometer-1speedometer-2speedometer-3result growth updatecloud-computing-2databasestartup analysis team analysis-1 medal responsive responsive-1 plug shutdownturn-on ekg-monitorservercloud worldglobala2heartbeatheartbeat-1 raylike like-1shield secure-shieldno-stoppingno-entry-signfirewallfirewall-1shield-1 secureaccess-deniedpasswordlogin-passwordsecuritysign-inblockssllockencryptionantivirusantivirus-1bug-1 bug-2insurance trustrocket fireworks gift-shopstorebankbank-1bank-2standcompanystore-1brokeragebank-3 business-and-financebank-4 business-and-finance-1 bank-5 bank-6 bank-7 architecture-and-cityshop-Cafe-restaurant-coffee-Buildingcafecoffee-shop-Cafe-restaurant-Buildinguserbank-8cafe-1business-and-finance-2brancharchitecture-and-city-1shopshop-1coding-1 shop-2cloud-computing-3server-1server-2server-3cloud-1 server-4 server-5cloud-computing-4cloud-2cloud-computing-5cloud-computing-6security-1cloud-3cloud-4backup cloud-5security-2cloud-6 server-6cloud-7infoinfo-1stopwatchspeed-1 user-1 user-2user-3 user-4 loginconversation company-1loadingwordpress computer-2 computer-3 optimizationcomputer-4 hotel computer-5 hotel-1 favourite-starcredit-cardappmonitor-1 responsive-2responsive-3Responsive-Website-Design-Development-Computersmartphoneweb-settingsapplicationmaintenancedashboard email-1 communicationscommunications-1communications-2communications-3discuss-issueinformationquestion-1surveysurvey-1question-2QUESTIONquestion-3INFOui ui-1 server-7cloud-8 server-8