Plugin0 - Build Features & Discover WordPress Plugins with AIBeta
Home Plugins bot protection turnstile
Bot Protection with Turnstile logo

Bot Protection with Turnstile

by mra13 / Team Tips and Tricks HQ on WordPress.org

A lightweight plugin that protects core WordPress forms and selected third‑party plugins from spam and bot attacks using Cloudflare Turnstile CAPTCHA.

(0)
WordPress login form example.

WordPress login form example.

Bot Protection with Turnstile lets you drop-in Cloudflare’s privacy-focused, no-CAPTCHA challenge on the most common attack surfaces of a WordPress site:

  • Core WordPress forms – Login, registration, password reset, and comment forms.
  • WooCommerce – Protect checkout, login, registration, and password reset forms.
  • bbPress – Secure forum registration, login, and topic creation forms.
  • Contact Form 7 – Add Turnstile to your CF7 forms to block spam submissions.
  • Accept Stripe Payments – Protect checkout and payment pop-up forms.
  • Simple Download Monitor – Secure download buttons and squeeze forms.
  • Simple Shopping Cart – Add Turnstile to your shopping cart plugin’s manual checkout forms.
  • WP Express Checkout – Protect checkout 100% discount checkout forms with Turnstile.
  • WP eMember – Secure registration, login and password reset forms with Turnstile.

Just add your Turnstile Site Key and Secret Key, choose the forms you want to protect, and you’re done. No more subjecting your users to image puzzles or accessibility headaches.

Turnstile can generate multiple types of non-intrusive challenges to verify users are human, all without showing visitors a puzzle.

Highlights

  • Zero-friction, user-friendly bot protection.
  • A free reCAPTCHA alternative for WordPress.
  • Works even when visitors are behind ad-blockers or privacy extensions.
  • Granular toggles to enable/disable on individual forms.
  • Debug logging feature.
  • Fully translatable and developer-friendly with action/filter hooks.
  • Road-map for upcoming integrations with other popular plugins.

Getting Started

It’s quick and easy to get started with the Bot Protection plugin.

  • Generate a Site Key and Secret Key in your Cloudflare account, then enter them in the plugin’s settings page.
  • Choose which forms you want to protect with Turnstile and click Save.
  • Turnstile challenges will automatically appear on the selected forms to to block bots and spam.

For more detailed instructions, please see our setup guide.

External Services

This plugin integrates with the Cloudflare Turnstile CAPTCHA service to help protect WordPress forms from spam and automated abuse.

When a protected form (such as login, registration, or comment) is displayed, the plugin connects to Cloudflare Turnstile to generate a CAPTCHA challenge. When the form is submitted, Turnstile receives the user’s IP address and browser metadata to verify whether the submission is from a human or bot.

This service is provided by Cloudflare, Inc.:
– Terms of Service: https://www.cloudflare.com/terms/
– Privacy Policy: https://www.cloudflare.com/privacypolicy/

Active installations30+
Weekly downloads
20+33.33%
Version1.1.1
Last updated11/29/2025
WordPress version6.5
Tested up to6.9
PHP version7.4
Tags
captchacloudflaresecurityspam protectionturnstile

Related Plugins

Signed Posts logo

Signed Posts

Signed Posts allows authors to sign posts, assuring content integrity. Signature verification proves post-signing alteration hasn't occurred.

0+
PKL WPz REST API Authentication logo

PKL WPz REST API Authentication

Control WordPress REST API access by requiring user authentication with API key system.

0+
SpamShieldX logo

SpamShieldX

SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. Our plugin blocks malicious iframes and prevent …

10+