Plugin0 - Build Features & Discover WordPress Plugins with AIBeta
Home Plugins mountdev cloudflare turnstile
By MountDev: Cloudflare Turnstile logo

By MountDev: Cloudflare Turnstile

by Cascadia Web Services on WordPress.org

Protect your WordPress site from spam and bots with Cloudflare Turnstile - a modern, privacy-friendly CAPTCHA alternative that respects your users.

(0)
Plugin settings page

Plugin settings page

Tired of annoying CAPTCHAs that frustrate your visitors? Say goodbye to distorted text puzzles and hello to Cloudflare Turnstile – the next-generation CAPTCHA solution that protects your WordPress site without compromising user experience.

By MountDev: Cloudflare Turnstile brings enterprise-grade bot protection to your WordPress site with zero hassle. Powered by Cloudflare’s cutting-edge Turnstile technology, this plugin seamlessly integrates with your existing forms to stop spam, prevent automated attacks, and protect your site – all while keeping your legitimate users happy.

Why Choose Cloudflare Turnstile?

Better User Experience
Unlike traditional CAPTCHAs that force users to decipher distorted text or identify traffic lights, Cloudflare Turnstile works invisibly in the background. Most legitimate users won’t even notice it’s there – they’ll just submit their forms and move on. No more frustrated visitors abandoning your registration or checkout process.

Privacy-First Approach
Cloudflare Turnstile is built with privacy in mind. It doesn’t track users across sites or collect unnecessary personal data. Your visitors’ privacy is respected, and you stay compliant with modern privacy regulations.

Lightweight & Fast
This plugin is optimized for performance. It won’t slow down your site or add bloat to your WordPress installation. The Turnstile widget loads efficiently, and you have full control over script loading behavior to optimize for your specific needs.

Enterprise Security, Free to Use
Leverage the same powerful bot detection technology that protects millions of websites worldwide. Cloudflare’s advanced algorithms analyze visitor behavior to distinguish between humans and bots – and it’s completely free for most use cases.

Perfect for Every WordPress Site

Whether you’re running a simple blog, a membership site, an online store, or a complex multi-site network, this plugin has you covered. It integrates seamlessly with WordPress core forms and extends support to popular plugins like WooCommerce, Contact Form 7, Elementor Pro, and Fluent Forms.

E-commerce Protection
Protect your WooCommerce store from fake registrations, fraudulent checkouts, and spam orders. Enable Turnstile on login, registration, password reset, checkout, and pay-for-order forms. You can even configure it to only appear for guest checkouts, keeping the experience smooth for your registered customers.

Form Builder Integration
Using Contact Form 7, Elementor Pro Forms, or Fluent Forms? No problem. Enable Turnstile across all your forms with a single click, or selectively protect specific forms. You have complete control over where and how protection is applied.

Multisite Ready
Managing a WordPress Multisite network? This plugin is fully compatible and can be configured independently for each site in your network.

Supported Forms

WordPress Core

  • Login Form
  • Registration Form
  • Password Reset Form
  • Comment Form

WooCommerce

  • Login Form
  • Registration Form
  • Password Reset Form
  • Checkout Form
  • Pay for Order Form

Third-Party Form Plugins

  • Contact Form 7 (all forms or specific forms via shortcode)
  • Elementor Pro Forms (all forms)
  • Fluent Forms (all forms with option to exclude specific form IDs)

Additional Features

  • Fully compatible with WordPress Multisite environments
  • Customizable widget positioning for different form types
  • Guest checkout only option for WooCommerce

Powerful Features, Simple Configuration

  • Visual Customization – Choose between light, dark, and auto themes to perfectly match your site’s design aesthetic. The widget blends seamlessly into your forms.

  • Global Language Support – Set the preferred display language for the Turnstile widget to match your audience. Provide a localized experience for your international visitors.

  • Flexible Appearance Modes – Configure the widget to always be visible, or use managed/non-interactive modes where it only appears when suspicious activity is detected. Balance security with user experience.

  • Form Submission Control – Enable submit button locking to prevent users from submitting forms until Turnstile validation is complete. Ensure every submission is verified.

  • Branded Error Messages – Customize the error message displayed when validation fails. Maintain your brand voice even in error states and provide helpful guidance to users.

  • Precise Widget Positioning – Control exactly where the Turnstile widget appears on different form types. Place it before or after buttons, within specific form sections, or wherever makes the most sense for your layout.

  • Built-in Credential Testing – Verify your Cloudflare API keys are working correctly with one click. No more guessing if your configuration is correct – get instant confirmation.

  • Performance Optimization – Enable script deferral to optimize page load times. The plugin is designed to be lightweight and won’t bog down your site.

  • Granular Form Control – Enable protection globally across all forms of a certain type, or selectively protect individual forms. You decide the level of security for each form.

  • Guest Checkout Options – For WooCommerce stores, optionally show Turnstile only for guest checkouts while keeping the experience frictionless for logged-in customers.

  • Developer Friendly – Clean, well-documented code that follows WordPress coding standards. Hooks and filters available for advanced customization.

Getting Started

You can have Cloudflare Turnstile protecting your WordPress forms in less than 5 minutes. Here’s how:

Step 1: Get Your Cloudflare Turnstile Keys
Head over to your Cloudflare dashboard and create a free Turnstile site. You’ll receive a Site Key and Secret Key – these are like your plugin’s credentials to communicate with Cloudflare’s verification service. Don’t worry, it’s completely free for most websites.

Step 2: Install and Activate
Install this plugin just like any other WordPress plugin. You can upload it manually or install it directly from the WordPress plugin directory. Activate it, and you’ll be automatically redirected to the settings page.

Step 3: Enter Your Keys
Paste your Site Key and Secret Key into the API Configuration tab. This connects your WordPress site to Cloudflare’s Turnstile service.

Step 4: Choose Your Forms
Navigate to the Integrations tab and select which forms you want to protect. You can enable Turnstile on WordPress login forms, WooCommerce checkout, Contact Form 7 submissions, and more. Enable as many or as few as you need.

Step 5: Customize (Optional)
Visit the General Settings tab to customize the widget’s appearance, language, and behavior. Want a dark theme? Done. Need it in Spanish? No problem. Prefer the widget to only appear when necessary? You got it.

Step 6: Test It
Click the TEST CREDENTIALS button to verify everything is configured correctly. You’ll get instant feedback confirming your setup is working.

Step 7: You’re Protected!
That’s it! Your forms are now protected by enterprise-grade bot detection. Sit back and watch as spam submissions drop to zero while your legitimate users breeze through without frustration.

External Services

This plugin connects to Cloudflare Turnstile, a third-party captcha service, to provide spam protection and bot detection for your WordPress forms.

What the service is and what it is used for

Cloudflare Turnstile is a privacy-friendly captcha alternative that helps protect your website forms from spam submissions and automated bot attacks. It replaces traditional CAPTCHAs with a more user-friendly verification system.

What data is sent and when

  • When a user interacts with a protected form, the plugin sends the Turnstile response token to Cloudflare’s verification endpoint (https://challenges.cloudflare.com/turnstile/v0/siteverify) for validation
  • The plugin loads Cloudflare’s Turnstile JavaScript API (https://challenges.cloudflare.com/turnstile/v0/api.js) to render the captcha widget
  • Data sent includes: the response token, your site’s secret key, and the user’s IP address (as part of the verification process)
  • This occurs every time a user submits a form that has Turnstile protection enabled

Service provider information

  • Service: Cloudflare Turnstile
  • Provider: Cloudflare, Inc.
  • Terms of Service: https://www.cloudflare.com/terms/
  • Privacy Policy: https://www.cloudflare.com/privacypolicy/
  • Turnstile Documentation: https://developers.cloudflare.com/turnstile/

User consent and configuration

By enabling this plugin and configuring Turnstile on your forms, you acknowledge that user interactions with protected forms will be processed by Cloudflare’s service. Users are not required to create accounts or provide personal information beyond what’s necessary for form submission verification.

Active installations20+
Weekly downloads
113+41.25%
Version1.0.3
Last updated10/31/2025
WordPress version5.0
Tested up to6.8.3
PHP version7.4
Tags
captchacloudflaresecurityspamturnstile

Related Plugins

Corrected commenter IP for Cloudflare CDN logo

Corrected commenter IP for Cloudflare CDN

A plugin to correct commenter IP addresses for WordPress websites using Cloudflare CDN.

0+
loading-lazy logo

loading-lazy

When adding media on the post screen, automatically add loading = "lazy" to the img tag

0+
Add authors not users logo

Add authors not users

This is a short description of what the plugin does. It's displayed in the WordPress admin area.

0+