Linux 软件免费装

在这里免费安装WordPress以及其他软件

Banner图

Kitgenix CAPTCHA for Cloudflare Turnstile

开发者 kitgenix
carlbensy16
更新时间 2025年12月9日 20:52
捐献地址: 去捐款
PHP版本: 7.0 及以上
WordPress版本: 6.8
版权: GPLv3 or later
版权网址: 版权信息

标签

captcha woocommerce anti-spam cloudflare turnstile

下载

1.0.12.1 1.0.13 1.0.12 1.0.14 1.0.11 1.0.7 1.0.8 1.0.10 1.0.9 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6

详情介绍:

Cloudflare Turnstile, done properly for WordPress. Kitgenix CAPTCHA for Cloudflare Turnstile is a lightweight, privacy-first reCAPTCHA alternative that adds Cloudflare Turnstile to your WordPress, WooCommerce and form plugins with server-side validation, replay protection and proxy-aware IP detection. Protect: All with conditional, async loading, no extra cookies or tracking and zero unnecessary front-end bloat. Why Kitgenix? Supported Forms and Integrations WordPress Core Turnstile is injected into each core form and validated only on POST submissions. Invalid, expired or reused tokens block the action with a clear message. WooCommerce (Classic) Turnstile appears near the Place order button and WooCommerce account forms. Validation runs during checkout and account actions. Designed to work safely with checkout fragments and avoids duplicate rendering. WooCommerce (Blocks / Store API) The widget renders in the Blocks checkout UI and validates Store API requests server-side. Tokens can be forwarded via X-Turnstile-Token or similar headers and are handled automatically by the plugin. Elementor Pro (Forms and Popups) The widget injects before or after the submit area, listens for Elementor popup and AJAX events and ensures a fresh token for each attempt. Handles multiple forms, popups and delayed popups reliably. Contact Form 7 Auto-injects the widget and re-renders after AJAX errors. A shortcode [kitgenix_turnstile] is available for manual placement. In Shortcode-only mode, CF7 forms are passed through do_shortcode() so manual placement works reliably. Fluent Forms Auto-injects, validates server-side and handles AJAX and multi-step flows with automatic re-renders. Formidable Forms Injects near the submit area, validates on submit and re-renders after client or server validation errors. Forminator Forms Works with regular and AJAX forms, including multi-step flows. Tokens are reset on failed submissions. Gravity Forms Widget placement before or after submit, with server-side validation on Gravity’s native hooks. Handles AJAX and multi-page forms with safe re-render and no overlapping buttons. Jetpack Forms Adds Turnstile to Jetpack forms with proper validation and AJAX behaviour. Kadence Forms (Kadence Blocks) Auto-injects on Kadence form blocks, validates server-side and re-renders on validation errors. WPForms Injects before or after the submit area. Optional “disable submit until verified” UX, auto-resets on AJAX errors and prevents overlap or layout issues. Forums – bbPress Adds Turnstile to bbPress posting forms to reduce automated spam topics and replies, validating before content is saved. You can enable or disable each integration and location under Settings → Cloudflare Turnstile. How It Works
  1. Loads the Cloudflare Turnstile API\ https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit\ using the WordPress Script API (async for WordPress 6.3+).
  2. Injects a widget into enabled forms\ Handles AJAX, multi-step forms, popups and other dynamic DOM changes.
  3. Verifies tokens server-side\ Uses Cloudflare’s /v0/siteverify endpoint with your secret key and request IP (when appropriate).
  4. Enforces replay protection\ Caches recent tokens (hashed) and rejects re-use (TTL is filterable).
  5. Blocks on failure\ Submissions with invalid, expired or reused tokens are blocked with a clear, user-friendly message.
Quick Start
  1. Install and activate from Plugins → Add New by searching for “Kitgenix Turnstile”.
  2. Go to Settings → Cloudflare Turnstile.
  3. Enter your Site Key and Secret Key from the Cloudflare Turnstile dashboard.
  4. Enable the integrations and specific forms you want to protect.
  5. Save changes, then test login, registration, comments, checkout and form pages.
Performance and Security Performance playbook Security tips Troubleshooting Widget not showing Always seeing “Please verify you are human” Elementor popups or AJAX forms WooCommerce checkout issues

安装:

  1. Install via Plugins → Add New and search for “Kitgenix Turnstile”, or upload the ZIP file to /wp-content/plugins/.
  2. Activate the plugin from the Plugins screen.
  3. Go to Settings → Cloudflare Turnstile.
  4. Enter your Site Key and Secret Key from the Cloudflare Turnstile dashboard.
  5. Enable the integrations and forms you want to protect.
  6. Save and test your login, registration, comments, checkout and form pages.

屏幕截图:

  • Elementor contact form protected by Turnstile, displayed before the submit button.
  • WooCommerce “My Account → Register” form with Turnstile verification.
  • Security settings: whitelist logged-in users, IPs and user agents; per-form WordPress toggles.
  • Quick setup screen: enter Cloudflare Turnstile keys, choose widget theme, size and mode, then test the widget.

升级注意事项:

1.0.14 SECURITY UPDATE - Update immediately. Fixes WooCommerce Block Checkout

常见问题:

Do I need a Cloudflare account?

Yes. A free Cloudflare account is enough to create a Turnstile Site Key and Secret Key.

Does this support Elementor Free?

We officially support Elementor Pro Forms. A fallback injector helps with general Elementor forms (including popups), but Elementor Pro Forms is the primary target for reliability.

Is this compatible with caching and optimisation plugins?

Yes. Scripts are async and conditionally loaded. You may need to allowlist challenges.cloudflare.com and avoid over-aggressive script deferral. Avoid full-page caching for login, account and checkout pages.

Can I skip validation for certain users?

Yes. You can whitelist logged-in users, IPs (exact, wildcard or CIDR) and user agents. There is also a filter to adjust whitelist decisions programmatically.

How is this different from Google reCAPTCHA?

Cloudflare Turnstile is a privacy-first, low-friction alternative. It avoids user tracking, aims to minimise data collection and still blocks bots effectively.

Which form plugins are supported?

WPForms, Fluent Forms, Gravity Forms, Formidable Forms, Forminator, Contact Form 7, Jetpack Forms, Kadence Forms, plus Elementor Pro Forms and core WordPress and WooCommerce forms.

Can I change the widget theme, size and language?

Yes. You can choose auto, light or dark, select small, normal, large or flexible sizes, switch interaction mode (always or interaction-only) and set language (auto or a specific locale code).

Why are there collapsible sections on the Settings page?

To make the page easier to scan. Groups such as Shortcode, Display, Security and Integrations are collapsible, and their open or closed state is remembered per browser.

How do I quickly find a setting?

Use the filter box on the left side of the settings page. Typing text hides non-matching navigation links and cards. Clear it with the “×” button.

What does the floating “Unsaved changes” bar mean?

It appears after you modify at least one field and reminds you to save. Click the Save button in the bar or the normal Save Settings button. Once saved, the bar disappears.

How do I copy the Turnstile shortcode?

Open the Shortcode and Manual Placement section and click the Copy button next to [kitgenix_turnstile].

Can I disable the collapsible behaviour?

Yes. A developer can dequeue the admin JavaScript or filter the settings page output to remove <details> wrappers. Native <details> elements degrade gracefully if scripting is disabled.

Can I pin or self-host the Turnstile script?

Yes. Use the kitgenix_captcha_for_cloudflare_turnstile_script_url filter to override the script URL or append query arguments.

Does it work on Multisite?

Yes. Settings are per-site. Uninstalling via Network Admin removes settings network-wide.

Is the plugin GDPR compliant?

The plugin itself does not store personal data. Cloudflare Turnstile processes IP and user agent to verify challenges. Review Cloudflare’s documentation and your legal requirements for your specific use case.

更新日志:

1.0.14 (09 December 2025) 1.0.13 (22 November 2025) 1.0.12.1 (22 November 2025) 1.0.12 (21 November 2025) 1.0.11 (19 October 2025) 1.0.10 (16 October 2025) 1.0.9 (15 October 2025) 1.0.8 (15 October 2025) 1.0.7 (14 October 2025) 1.0.6 (10 September 2025) 1.0.5 (10 September 2025) 1.0.4 (17 August 2025) 1.0.3 (12 August 2025) 1.0.2 (12 August 2025) 1.0.1 (11 August 2025) 1.0.0 (11 August 2025)