Cybernob Turnstile for Cloudflare

Cybernob Turnstile for Cloudflare integrates Cloudflare Turnstile into your WordPress site — the privacy-friendly CAPTCHA that stops bots silently, without making real users solve puzzles.

This plugin is an independent, third-party integration and is not affiliated with or endorsed by Cloudflare, Inc.

Protected locations

• Login form — blocks brute-force and credential-stuffing attacks
• Registration form — prevents automated account creation
• Comment form — stops spam comments without Akismet
• Contact Form 7 — automatically protects every CF7 form on your site

Features

• Live status checker — the settings page shows instantly whether your API keys are valid and reachable
• Invisible mode — widget stays hidden; the form auto-submits once the challenge passes silently
• Three themes — Auto (follows system preference), Light, Dark
• Two appearance modes — Always visible, or show on interaction only
• Clean uninstall — all plugin options are removed on deletion, including multisite support
• Translation ready — all strings wrapped in i18n functions with the correct text domain
• No bundled libraries — only Cloudflare’s own CDN script is used; nothing extra added to your site

Why Turnstile?

Unlike reCAPTCHA, Cloudflare Turnstile does not track users across sites or require Google accounts. It is designed to be GDPR-friendly and invisible to legitimate users by default.

Getting started

1. Create a free Cloudflare Turnstile site widget
2. Copy your Site Key and Secret Key
3. Paste them into Settings → Cybernob Turnstile and save
4. The live status indicator confirms everything is working

External Services

This plugin connects to Cloudflare’s Turnstile service to display CAPTCHA challenges and verify user responses.

• Service: Cloudflare Turnstile
• When used: When a protected form is loaded (widget script) or submitted (token verification). Only active after the administrator has entered API keys in the plugin settings.
• Data sent: On verification — the Turnstile response token and the visitor’s IP address are sent to Cloudflare’s API endpoint.
• Endpoint: https://challenges.cloudflare.com/turnstile/v0/siteverify

Cloudflare Terms of Service | Cloudflare Privacy Policy