Online security is something you don’t want to take for granted, every little bit of extra security you can add to your website is a good move.
There are serval tools/plugins available for WordPress to help secure your site, in my opinion, Cloudflare’s turnstile is one you should consider adding.
This guide focuses on what Turnstile is, why you would want to install it, and how to set up Turnstile on your WordPress website.
Table of Contents
What is Cloudflare Turnstile?
Cloudflare Turnstile is a free CAPTCHA alternative, which gives a frustration-free experience for your website visitors introduced by Cloudflare to stop abuse and confirms visitors are real without the data privacy concerns or awful UX that CAPTCHA thrusts on users.
Cloudflare Turnstile can be added to a number of different forms on your WordPress website, some of the main ones are: Login/registration forms, and password reset forms and if you have woocommerce installed it can be added to the checkout form.
For a full list of the supported forms, check out the plugin page.
Some of the benefits of adding Cloudflare Turnstile to your website are:
Better experiences for your visitors, no puzzles to solve.
Stronger Privacy, will not harvest your visitor’s data for ad retargeting.
Fast to get up and running and free.
Setting up Cloudflare
Your first step is to head over to Cloudflare and create an account if you don’t already have one.
Once you have created your account, head over to the dashboard.
On the left-hand side, you will find a menu, and about halfway down look for turnstile and then “click it”.
This is where you will add the site to the Cloudflare turnstile.
Click “Add site”
Now fill out the form with the details of the site you would like to add
There is a section called widget mode, I would recommend going with “managed” but feel free to choose the other options if they are a better fit.
Then click “create” to add the site.
You will now be given a site key and a secret key, keep this page open as you will need to copy the keys to paste them into the WordPress plugin.
Install the WordPress plugin
Head back to your WordPress dashboard, to install “Simple Cloudflare Turnstile” plugin.
Click Plugins from the menu, then “Add New Plugin”.
Search for Simple Cloudflare Turnstile.
Click “Install Now” then “Activate”
This will take you to the “Simple Cloudflare Turnstile” settings page.
Here is where you will add the Site and Secret keys that we generated earlier.
The first section is where you add your Site and Secret keys, so switch back to your Cloudflare account copy the keys, and enter them into the settings page.
The next section is General Settings, select your desired settings.
The last section is where you enable which forms you would like to have the turnstile active on.
Select the ones you want, then click “Save changes”.
Now a box will pop up, for you to test if it is all connected.
Click “Test Response” If everything is correct a success message will appear
“Success! Turnstile is working correctly with your API keys.“
You have now installed “Simple Cloudflare Turnstile” onto your WordPress website, so your site will have that extra layer of protection against abuse and bots.
To double-check it’s working, I would open an incognito window and go to the login screen of your WordPress website.
You should see the Cloudflare turnstile just below the password field with success if everything is installed correctly.
If you do have any issues just, go back and check that everything has been set up correctly, and still, no joy I would raise a support ticket with the plugin authors.
If you found this article helpful, then please share this with someone who will find it useful.