Cloudflare Captcha

Adding Cloudflare CAPTCHA to your WordPress site can be an effective way to block spambots. This is particularly important if you have forms on your site and/or accept user comments. However, you might be wondering how to set it up.

Fortunately, it’s not as difficult as you might think. Cloudflare CAPTCHA (officially called Cloudflare Turnstile) is a free tool that you can easily add to your site. 😎 Once activated, users will need to verify that they’re human before they can submit a form or a comment.

👉 In this post, we’ll take a closer look at Cloudflare Turnstile and how it works. Then, we’ll show you how to add it to your WordPress site. Finally, we’ll discuss the benefits of using Cloudflare CAPTCHA over other solutions. Let’s get started!

An overview of Cloudflare Turnstile

Turnstile is a CAPTCHA alternative developed by Cloudflare. The tool is designed to confirm the authenticity of a web visitor without requiring any interaction on the user’s end:

Cloudflare CAPTCHA page.

You’re probably already familiar with how CAPTCHAs work. Typically, you’ll need to tick a box or solve a puzzle to confirm that you’re not a robot.

However, Turnstile runs these checks in the background, minimizing interference to the user experience. It uses a selection of non-intrusive challenges that are carried out in the visitor’s browser. This means that users won’t need to do anything on their end.

Turnstile will only ask a user to check a box if it is unable to confirm their authenticity through the browser. However, as we shall see in the tutorial, you have the option to disable this feature.

Additionally, Cloudflare uses Apple’s Private Access Tokens to run these browser tests. This can help ensure that no extra data is collected in the process, keeping users safe.

As you can see, Turnstile can help you keep bots out while preserving your site’s User Experience (UX). Later in the post, we’ll take a closer look at the benefits of using Turnstile over other CAPTCHA solutions.

How to add Cloudflare CAPTCHA to WordPress

Now, let’s look at how to add Cloudflare CAPTCHA to your site:

Step 1: Create a Cloudflare account and configure Turnstile

If you’re already a Cloudflare customer, you can access Turnstile from your account:

Enabling Turnstile from your Cloudflare account.

If not, you can set up an account for free. Once you’re logged in, navigate to your Cloudflare dashboard and select Turnstile from the menu. You’ll then need to add your site:

Adding Turnstile to your site.

Cloudflare will ask you to provide your site’s name and domain:

Adding Cloudflare name and domain.

Next, you’ll need to select a widget mode. This is the CAPTCHA that will appear in your forms:

Selecting a widget mode for your Cloudflare CAPTCHA.

Let’s take a look at the options:

  • Managed. Cloudflare will determine if an interactive challenge should be used based on the user data available. If authentication is required, the user will be asked to check a box.
  • Non-interactive. Users will see a widget with a loading bar while Cloudflare runs the browser challenge. A success message will be displayed once the challenge is complete.
  • Invisible. If you select this option, the user won’t see the widget or success message. This means the CAPTCHA will be completely hidden from them.

Once you’re ready, click on Create. Cloudflare will then create a site key and secret key. You’ll need these to activate Turnstile on your site.

Step 2: Add the Turnstile keys to your site

Now that you’ve configured Turnstile, you can add the Cloudflare CAPTCHA keys to your WordPress site. We recommend using the Simple Cloudflare Turnstile plugin to do this. It provides an easy way to activate Turnstile on your website.

Start by installing and activating the plugin on your site:

Installing Simple Cloudflare Turnstile.

Then, in your WordPress dashboard, navigate to Settings → Cloudflare Turnstile. Here, you can paste in the Cloudflare keys that you copied earlier:

Adding Cloudflare keys.

You’ll also find a few customization settings. For example, you can choose a theme for your CAPTCHA (light, dark, or auto). You can also edit the error message:

Customizing the Cloudflare CAPTCHA appearance.

Finally, you’ll need to select the forms that you want to enable Turnstile on. For instance, you may want to use it on your login and registration pages, and your comments section:

Selecting the forms for Cloudflare CAPTCHA.

If you have a WooCommerce store, you may even want to enable CAPTCHA on the checkout page, customer login page, and other sensitive forms:

Enabling Cloudflare CAPTCHA on WooCommerce forms.

Simple Cloudflare Turnstile also enables you to run the CAPTCHA on forms created by other plugins or page builders, like Elementor:

Enabling forms on Elementor.

In fact, it integrates with a variety of form-building tools, including Contact Form 7, WPForms, and Gravity Forms. When you’re ready, click on Save Changes.

Here’s what your Cloudflare CAPTCHA may look like on the front end:

Turnstile on WordPress login page.

If you run a membership site or multi-author blog, we recommend that you add it to your login pages to keep your content safe. It’s also a good idea to enable it in your comments section, as it can help filter out spam.

If you have an ecommerce site, you’ll want to place Cloudflare CAPTCHA on login and registration forms to stop bots from infiltrating your site.

The benefits of using Turnstile over other CAPTCHA solutions

With Turnstile, users can prove that they’re human without having to complete a puzzle or provide more personal data than necessary. This means it offers a safer and more efficient experience than most other CAPTCHA solutions on the market.

Turnstile looks at session data in the browser to validate users. As mentioned earlier, it uses Apple’s Private Access Tokens to do this. This enables it to minimize data collection and protect user privacy. In fact, Turnstile doesn’t look for cookies or store information about the user.

If you want to provide a more seamless user experience, Turnstile is definitely worth considering. Unlike in the case of standard CAPTCHA solutions, users won’t have to figure out some squiggly characters or select a series of photos in order to submit a form, post a comment, or log into their accounts.

In turn, this may help you generate more leads and increase user engagement on your site. Plus, Turnstile is completely free!

Conclusion 🧐

Turnstile is a Cloudflare CAPTCHA solution that verifies legitimate users without asking them to complete a puzzle. It does this by running challenges on the browsers, while only requesting the most essential and relevant information about the user. This makes it a safe and efficient alternative to traditional CAPTCHA solutions.

To recap, here’s how to add Cloudflare CAPTCHA to your WordPress site:

  1. Create a Cloudflare account and configure Turnstile
  2. Add the Turnstile keys to your website with the Simple Cloudflare Turnstile plugin.

💡 You may also be interested in our how to set up Cloudflare with WordPress guide.

Do you have any questions about how to add Cloudflare CAPTCHA to WordPress? Let us know in the comments section below!

Free guide

4 Essential Steps to Speed Up
Your WordPress Website

Follow the simple steps in our 4-part mini series
and reduce your loading times by 50-80%. 🚀

Free Access

Inline Feedbacks
View all comments

Or start the conversation in our Facebook group for WordPress professionals. Find answers, share tips, and get help from other WordPress experts. Join now (it’s free)!