
Bot Protection with Turnstile
by mra13 / Team Tips and Tricks HQ on WordPress.org
A lightweight plugin that protects core WordPress forms and selected third‑party plugins from spam and bot attacks using Cloudflare Turnstile CAPTCHA.

Bot Protection with Turnstile lets you drop in Cloudflare’s privacy-focused, no-CAPTCHA challenge on the most common attack surfaces of a WordPress site:
- Core WordPress forms – Login, registration, password reset, and comment forms.
- WooCommerce – Protect checkout, login, registration, and password reset forms.
- bbPress – Secure forum registration, login, and topic creation forms.
- Contact Form 7 – Add Turnstile to your CF7 forms to block spam submissions.
- Accept Stripe Payments – Protect checkout and payment pop-up forms.
- Simple Download Monitor – Secure download buttons and squeeze forms.
- Simple Shopping Cart – Add Turnstile to your shopping cart plugin’s manual checkout forms.
- WP Express Checkout – Protect 100% discount checkout forms with Turnstile.
Just add your Turnstile Site Key and Secret Key, choose the forms you want to protect, and you’re done. No more subjecting your users to image puzzles or accessibility headaches.
Turnstile can generate multiple types of non-intrusive challenges to verify users are human, all without showing visitors a puzzle.
Highlights
- Zero-friction, user-friendly bot protection.
- A free reCAPTCHA alternative for WordPress.
- Works even when visitors are behind ad-blockers or privacy extensions.
- Granular toggles to enable/disable on individual forms.
- Debug logging feature.
- Fully translatable and developer-friendly with action/filter hooks.
- Roadmap for upcoming integrations with other popular plugins.
Getting Started
It’s quick and easy to get started with the Bot Protection plugin.
- Generate a Site Key and Secret Key in your Cloudflare account, then enter them in the plugin’s settings page.
- Choose which forms you want to protect with Turnstile and click Save.
- Turnstile challenges will automatically appear on the selected forms to block bots and spam.
For more detailed instructions, please see our setup guide.
External Services
This plugin integrates with the Cloudflare Turnstile CAPTCHA service to help protect WordPress forms from spam and automated abuse.
When a protected form (such as login, registration, or comment) is displayed, the plugin connects to Cloudflare Turnstile to generate a CAPTCHA challenge. When the form is submitted, Turnstile receives the user’s IP address and browser metadata to verify whether the submission is from a human or a bot.
This service is provided by Cloudflare, Inc.:
- Terms of Service: https://www.cloudflare.com/terms/
- Privacy Policy: https://www.cloudflare.com/privacypolicy/