描述
RIS Cloudflare CAPTCHA adds the modern, privacy-first Cloudflare Turnstile CAPTCHA to your WordPress site. Stop bots, spam comments, and brute-force login attacks without annoying your visitors with image puzzles or Google reCAPTCHA.
Unlike legacy CAPTCHAs, Cloudflare Turnstile runs completely in the background, never asks visitors to click traffic lights or type distorted text, and protects visitor privacy.
Why Choose RIS Cloudflare CAPTCHA?
- Privacy-friendly – No user tracking, no cookies, no personal data collection.
- User-friendly – Most visitors never see a challenge; it’s invisible by default.
- Lightweight – Tiny footprint, no external dependencies, no bloated JS bundles.
- Free – Powered by Cloudflare Turnstile, which is 100% free for unlimited use.
- Universal – Protects WordPress login, registration, comment, lost-password, and WPForms.
- Developer-friendly – Shortcode, PHP function, and a verification filter for custom forms.
- Multilingual – Supports 11 widget languages including English, Spanish, French, German, Bengali, Hindi, Arabic, Chinese, Japanese, and more.
- Customizable – Light, dark, or auto theme; visible, invisible, or interaction-only mode.
Features
- Drop-in Turnstile widget on:
- WordPress login form
- WordPress registration form
- WordPress lost password form
- WordPress comment form
- WPForms (all forms)
- Server-side token verification for every form (not just client-side).
- Secure nonce checks on every form submission.
- Test Connection button to instantly verify your API keys.
- Per-form enable/disable checkboxes.
- Light, dark, or auto theme matching.
- Visible, invisible (“execute”), or interaction-only appearance.
- Custom widget language selection.
- Tabbed admin settings page (Settings / Help / About).
- Shortcode:
[ris_turnstile action="contact"]for custom forms. - Developer filter:
ris_cf_captcha_verify_responsefor custom verification. - Full uninstall cleanup (deletes all options on plugin removal).
- Multisite compatible.
- Translation ready (.pot, /languages folder).
- Proper WordPress coding standards, sanitization, escaping, and capability checks.
How It Works
- Install and activate the plugin.
- Get free Turnstile keys from your Cloudflare Dashboard.
- Paste your Site Key and Secret Key into the plugin settings.
- Tick the forms you want to protect.
- Save. Done.
Shortcode
Use the widget on any page or custom form:
[ris_turnstile action="contact"]
Or in PHP:
<?php echo do_shortcode( '[ris_turnstile]' ); ?>
Custom Form Verification (Developers)
Hook into the verification filter:
add_filter( 'ris_cf_captcha_verify_response', function( $is_valid, $token, $ip ) {
// Your custom checks here.
return $is_valid;
}, 10, 3 );
Privacy
This plugin:
* Does not set any cookies.
* Does not track users.
* Does not store any personal data.
* Sends the visitor’s IP address to Cloudflare only for the verification request, as required by the Turnstile API.
* Does not send any data to any third party other than Cloudflare.
GDPR, CCPA, and privacy-law friendly.
Related Plugins
- Real IT Solution – https://www.realitsolution.com/
Credits
- Developed by Real IT Solution – Md Taufiqur Rahman.
- Powered by Cloudflare Turnstile.
- Icons by WordPress Dashicons.
Support
- Documentation: https://wordpress.org/plugins/ris-cloudflare-captcha/
- Support forum: https://wordpress.org/support/plugin/ris-cloudflare-captcha/
- Author website: https://www.realitsolution.com/
安装
- Upload the plugin folder to
/wp-content/plugins/ris-cloudflare-captcha/or install via the WordPress plugin installer. - Activate the plugin from the Plugins menu in WordPress.
- Go to RIS CF CAPTCHA in your admin sidebar.
- Click Cloudflare Turnstile in your Cloudflare dashboard and create a new widget.
- Copy your Site Key and Secret Key and paste them into the plugin settings.
- Tick the forms you want to protect.
- Click Save Changes.
- Use the Test Connection button to verify your keys work.
- Visit your login page to see Turnstile in action.
常见问题
-
Do I need a Cloudflare account?
-
Yes. Sign up for a free Cloudflare account at cloudflare.com and create a Turnstile widget from the dashboard.
-
Is Cloudflare Turnstile really free?
-
Yes. Cloudflare Turnstile is 100% free for unlimited use, with no quotas or hidden fees.
-
Does it work with WPForms?
-
Yes. Enable “WPForms (all forms)” in the plugin settings and Turnstile will be added to every WPForms form on your site.
-
Does it work with Contact Form 7?
-
Not directly, but you can use the
[ris_turnstile]shortcode in your CF7 form markup or use a CF7 hook to render it. -
Does it work with WooCommerce?
-
The plugin protects WordPress core forms (login, register, lost password, comments). For WooCommerce checkout and account forms, you can use the shortcode
[ris_turnstile]and theris_cf_captcha_verify_responsefilter. -
Is it GDPR compliant?
-
Yes. Turnstile is privacy-friendly and the plugin does not store any personal data.
-
Will it slow down my site?
-
No. The Turnstile script is loaded asynchronously from Cloudflare’s CDN and weighs only a few KB.
-
The widget isn’t showing up. What’s wrong?
-
- Make sure you saved your Site Key and Secret Key.
- Make sure the relevant form is ticked in “Enabled Forms”.
- Click the Test Connection button to confirm your keys are valid.
- Clear any caching plugin (WP Super Cache, W3 Total Cache, LiteSpeed, etc.).
- Check the browser console for JavaScript errors.
-
Can I hide the Turnstile badge?
-
Yes, there’s an option in the Advanced tab. Note that Cloudflare’s ToS may require visible attribution – check Cloudflare’s current Turnstile terms.
评价
此插件暂无评价。
贡献者及开发者
「RIS Cloudflare CAPTCHA – Cloudflare Turnstile」是开源软件。 以下人员对此插件做出了贡献。
贡献者
更新日志
1.1 – 2026-06-15
- SECURITY: Added server-side Turnstile verification for login form (was previously client-side only).
- SECURITY: Added server-side verification for registration, lost password, and comment forms.
- SECURITY: Added proper WordPress nonce fields and checks on every form.
- SECURITY: Added capability checks and additional sanitization/escaping throughout.
- NEW: Tabbed settings page (Settings / Help / About).
- NEW: “Test Connection” button with AJAX verification of API keys.
- NEW: Per-form enable/disable checkboxes (login, register, comment, lost password, WPForms).
- NEW: Theme selector (auto / light / dark).
- NEW: Appearance mode selector (always / execute / interaction-only).
- NEW: Widget language selector with 11 languages.
- NEW: Shortcode
[ris_turnstile action="contact"]for custom forms. - NEW: PHP function
ris_cf_captcha_render_widget()for theme developers. - NEW: Developer filter
ris_cf_captcha_verify_responsefor custom verification. - NEW: Activation notice pointing to the settings page.
- NEW: “Settings” link on the Plugins list page.
- NEW: Documentation, Support, and Author links on the Plugins list page.
- NEW: Uninstall cleanup that removes all plugin options and transients (including legacy v1.0 options).
- NEW: Multisite support in uninstall.
- NEW: Better error messages with WordPress-standard markup.
- NEW: Optional custom CSS spacing around the widget.
- NEW: Optional badge hiding.
- IMPROVED: Code refactored into modular, well-documented functions.
- IMPROVED: All functions prefixed with
ris_cf_captcha_for namespacing. - IMPROVED: Translation-ready with proper text domain and /languages folder.
- IMPROVED: WordPress coding standards compliance.
- IMPROVED: Bumped to PHP 7.4 minimum, tested up to WordPress 6.5.
- SEO: Improved plugin metadata, keywords, and description for better WordPress.org search ranking.
1.0 – 2024-XX-XX
- Initial release.
- Cloudflare Turnstile widget on WordPress login.
- Optional Turnstile on WPForms forms.