Cloudflare’s CAPTCHA alternative ‘Turnstile’ now available

With the latest release of the All-In-One Security plugin (AIOS), we’ve included support for Cloudflare’s invisible alternative to CAPTCHA, Turnstile.


What is CAPTCHA?

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a security measure that differentiates humans from automated bots or scripts. Users typically receive a test from CAPTCHA that humans can easily solve but which automated scripts find difficult.

You are likely to be familiar with the most common type of CAPTCHA, which involves displaying a distorted image of a word or a sequence of letters and numbers, which you must enter into a text box to prove you are human. Other types of CAPTCHA include audio challenges that ask us to listen to and type spoken words or mathematical problems that require us to solve a simple equation.

Websites use CAPTCHA to prevent automated scripts from carrying out actions that could be harmful or disruptive, such as spamming forums or stealing data. By requiring visitors to prove they are human, CAPTCHA helps ensure the security and integrity of online interactions.


What is Turnstile?

With Cloudflare’s alternative to CAPTCHA, Turnstile, visitors are verified “invisibly” and greeted simply with a Success result.



With this alternative, Cloudflare Turnstile promises a better experience for your visitors, stronger privacy, and it’s free.


How does it work?

Cloudflare Turnstile selects from simple tests that do not disrupt the user’s browsing based on their behavior and usage patterns during a session; it works without showing visitors a CAPTCHA to solve.


How can I set up Cloudflare Turnstile?

To set up Cloudflare Turnstile within AIOS, from your Dashboard, go to WP Security > Brute Force, then into the “CAPTCHA settings” tab.

Select “Cloudflare Turnstile” as the Default CAPTCHA and “Save settings”:



The system will then present you with two fields to complete; one for the Site key and the other for the Secret key. You get these from Cloudflare:

  1. Go to the Cloudflare dashboard and either log in if you already have a Cloudflare account or Sign up.
  2. Once logged in, go to Add Site.
  3. Enter your Site name, Domain, and select Widget Type Managed. Press Create.
  4. The Site Key and Secret Key will now appear. Copy each into your AIOS settings and turn on the CAPTCHA for each option on this page, then Save settings.


Now, on any page with a form, such as the Login page, you will see the Cloudflare CAPTCHA in action:

You may need to turn the Cloudflare Turnstile CAPTCHA on if you add further form functions or plugins within your site, such as WooCommerce or a contact form. You can do this by going to WP Security > Brute Force, into the CAPTCHA settings tab, and selecting any options you wish:



Share This Post

More To Explore...