Security
WordPress security audit checklist
Ensuring your WordPress website’s security is vital for protecting sensitive data, keeping customer trust, and safeguarding your online business. A
15 April 2024
Cloudflare’s CAPTCHA alternative ‘Turnstile’ now available
With the latest release of the All-In-One Security plugin (AIOS), we’ve included support for Cloudflare’s invisible alternative to CAPTCHA, Turnstile.
What is CAPTCHA?
CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a security measure that differentiates humans from automated bots or scripts. Users typically receive a test from CAPTCHA that humans can easily solve but which automated scripts find difficult.
You are likely to be familiar with the most common type of CAPTCHA, which involves displaying a distorted image of a word or a sequence of letters and numbers, which you must enter into a text box to prove you are human. Other types of CAPTCHA include audio challenges that ask us to listen to and type spoken words or mathematical problems that require us to solve a simple equation.
Websites use CAPTCHA to prevent automated scripts from carrying out actions that could be harmful or disruptive, such as spamming forums or stealing data. By requiring visitors to prove they are human, CAPTCHA helps ensure the security and integrity of online interactions.
What is Turnstile?
With Cloudflare’s alternative to CAPTCHA, Turnstile, visitors are verified “invisibly” and greeted simply with a Success result.
With this alternative, Cloudflare Turnstile promises a better experience for your visitors, stronger privacy, and it’s free.
How does it work?
Cloudflare Turnstile selects from simple tests that do not disrupt the user’s browsing based on their behavior and usage patterns during a session; it works without showing visitors a CAPTCHA to solve.
How can I set up Cloudflare Turnstile?
To set up Cloudflare Turnstile within AIOS, from your Dashboard, go to WP Security > Brute Force, then into the “CAPTCHA settings” tab.
Select “Cloudflare Turnstile” as the Default CAPTCHA and “Save settings”:
The system will then present you with two fields to complete; one for the Site key and the other for the Secret key. You get these from Cloudflare:
- Go to the Cloudflare dashboard and either log in if you already have a Cloudflare account or Sign up.
- Once logged in, go to Add Site.
- Enter your Site name, Domain, and select Widget Type Managed. Press Create.
- The Site Key and Secret Key will now appear. Copy each into your AIOS settings and turn on the CAPTCHA for each option on this page, then Save settings.
Now, on any page with a form, such as the Login page, you will see the Cloudflare CAPTCHA in action:
You may need to turn the Cloudflare Turnstile CAPTCHA on if you add further form functions or plugins within your site, such as WooCommerce or a contact form. You can do this by going to WP Security > Brute Force, into the CAPTCHA settings tab, and selecting any options you wish:
Share This Post
More To Explore...
Security
What to do if your WordPress site is hacked
Has your WordPress site been hacked, and you don’t know what to do next? WordPress powers millions of websites worldwide
25 March 2024
Release info
All-In-One Security Premium Release 1.0.4: AIOS adds adds IP lookup function and fixes XSS Security vulnerability
The latest release from AIOS includes a new IP lookup function that will help developers identify suspicious activity such as
23 February 2024
Release info
All-In-One Security Release 5.2.6: AIOS adds more UX features and fixes 2 vulnerabilities to CSRF and XSS functionalities
In our latest update, we’ve made several enhancements to AIOS. These additions make AIOS easier to use, and give you
23 February 2024