Cloudflare recently announced a fantastic new tool – Turnstile. It’s an alternative to the CAPTCHA forms that are used on the vast majority websites to deter spam. This new tool achieves the same goal of protecting you from spam, but without the frustrating puzzle-solving, image identification and hijacking your data to send to Google. Here’s how to integrate Cloudflare’s turnstile onto your WordPress site in 10 minutes.
Step 1: Log in to Cloudflare and Generate a Domain Key
Unlike other Cloudflare services, you don’t need to integrate your site with Cloudflare to use Turnstile. However, you do need to create a Cloudflare account which you can do here. Now log into your dashboard and select “Turnstile” on the right-hand side as shown below. This is an account-wide feature, so don’t choose any specific site:
Add Site to Cloudflare for Turnstile Integration
For this test, I’m using the test NameHero domain. So under “Domain”, either choose a site you’ve already added to Cloudflare or create a new one. Under “Widget Type”, select “Non-interactive”. You can also choose to hide the Turnstile entirely if you want.
After this, Cloudflare will assign a “Site Key” and a “Secret Key” as shown here:
Cloudflare Turnstile Site Key and Secret Key
Keep both of these keys in a safe location.
Step 2: Download the Simple Cloudflare Turnstile Plugin
This is a “set it and forget it” plugin. Compared to other add-ons like WS Forms, the Simple Cloudflare Turnstile has a basic configuration, is braindead, and is easy to use. Download and install the plugin and in the configuration screen, enter your Site Key and Secret Key as shown here:
Enter the Site and Secret Key into the WordPress Plugin
You can choose to disable your form’s “Submit” button until the challenge is solved and choose the theme of the Turnstile. Further down, select the WordPress forms to which you want to apply the Cloudflare Turnstile. You can start with the comment form as shown here:
Testing the Cloudflare Turnstile Form
Navigate to a form on which you’ve enabled the Cloudflare Turnstile widget. You should see something like this:
Why Turnstile is Better than CAPTCHA
The most obvious way that Turnstile is superior to CAPTCHA is that it doesn’t require user interaction. Unlike CAPTCHA, you don’t have to solve a puzzle or click images. It’s easier and more seamless for your users.
The other benefit, however, is that it’s a massive improvement in privacy. CAPTCHA sends your data to Google and users with a Google cookie receive a higher value than those who don’t. Google swears up and down that they don’t use the data they collect for ad targeting. But is it believable? I don’t think so. On the other hand, Cloudflare Turnstile doesn’t send your data to Cloudflare in the first place. And because of this, it’s more privacy friendly than Google’s CAPTCHA.
Turnstile is mature enough for production use, and I recommend everyone who uses a CAPTCHA to use Turnstile instead.