If you’re looking to add an extra layer of security to your WordPress site, Cloudflare’s brand-new “Turnstile” service is a brand new user-friendly, privacy-preserving alternative to Google reCAPTCHA.
In this article, we’ll show you how to add Cloudflare Turnstile to your WordPress website forms, as well as WooCommerce, Contact Form 7, WPForms, Gravity Forms, MailChimp for WordPress, BuddyPress and more.
Get Your Cloudflare Keys
First, create a Cloudflare account at: https://dash.cloudflare.com/sign-up
Once your account is created, visit the Cloudflare Dashboard, select “Turnstile” in the menu sidebar, and click “Add site”.
Next, you’ll be required to enter a site name, domain, and select the widget type.
- Managed: Cloudflare will use information from the visitor to decide if an interactive challenge should be used. If we do show an interaction, the user will be prompted to check a box (no images or text to decipher).
- Non-interactive: A purely non-interactive challenge. Users will see a widget with a loading bar while the browser challenge is run.
- Invisible: Challenge that does not require interaction.
Click the “Create” button, and you will be given a “Site Key”, and “Secret Key”. Keep this page open, as you will need to copy them later.
Install The WordPress Plugin
Now you will want to go ahead and install the “Simple Cloudflare Turnstile” plugin on your website.
To do this, go to “Plugins > Add New” in your WordPress admin area, then search for “Simple Cloudflare Turnstile”, click “Install”, and finally click the “Activate” button that shows once it’s installed.
You will then be taken to the settings page for Simple Cloudflare Turnstile. Here you will be able to enter your Cloudflare Turnstile “Site Key” and “Site Secret”, and select which forms Turnstile will show on.
Whenever you update your “Site Key” or “Secret Key” you will be required to test the API response, to make sure everything is working OK. Simply complete the Turnstile challenge, and click “TEST API RESPONSE”.
You can currently enable Turnstile on the following forms:
- WordPress Login Form
- WordPress Registration Form
- WordPress Password Reset Form
- WordPress Comments Form
- WooCommerce Checkout
- WooCommerce Login Form
- WooCommerce Registration Form
- WooCommerce Password Reset Form
- “Contact Form 7” Forms
- “WPForms” Forms
- “Gravity Forms” Forms
- “Fluent Forms” Forms
- “Elementor Pro” Forms
- “Mailchimp for WordPress” Forms
- “BuddyPress” Registration Form
- “bbPress” Create Topic & Reply Forms
- “wpDiscuz” Custom Comments Form
Here’s an example of what the Turnstile challenge will look like when enabled on your WordPress Login Form:
Why is Turnstile better than reCAPTCHA?
There are two main ways in which Turnstile is better than reCAPTCHA. Firstly, it doesn’t require user interaction, meaning that users don’t have to solve a puzzle or click images, making the process much easier and user-friendly.
Secondly, it’s a big improvement in terms of privacy, since the data sent by reCAPTCHA to Google is used for ad targeting, while Cloudflare Turnstile claims they will “never harvest data for ad retargeting”.
To learn more about Cloudflare Turnstile, click here.