Turnstile Invisible CAPTCHA


The Turnstile Invisible CAPTCHA module allows you to secure your site’s forms against cyber attacks (bots, spams, DDoS, bruteforce, phishing, …) in an efficient, GDPR-compliant way and without blocking the user journey.

The module uses Cloudflare Turnstile technology, which is an intelligent alternative to CAPTCHAs as well as to Google’s reCAPTCHAs. This technology, which is free, non-intrusive, respectful of personal data and accessible to everyone, has the sole purpose of securing your site against attacks by robots. It differs from other CAPTCHA technologies, which are less and less effective in the face of technological evolution, very restrictive for the user, who is blocked in his purchasing process, and some of which have been accused of collecting and using personal data, like Google’s reCAPTCHAs.

Our module Turnstile Invisible CAPTCHA automatically installs the Cloudflare script into the templates, without overrides.


The configuration of the module is very simple.

First of all, you need to create an account on the Cloudflare website, then find your sitekey and your secret key to fill them in the module (in “Configuration” tab, “Cloudflare configuration” part).

Then, you can disable the security test for already logged in customers. To do so, check “Yes” for the first option of the “General configuration” part:

Option to disable security for already logged in customers

If you want to exclude certain IP addresses from the Cloudflare Turnstile security test, you can do so by whitelisting these addresses (one IP address per line) in the second option:

Option to whitelist IP addresses

Forms to be secured

Finally, go to the “Settings” tab to select the forms you want to secure:

Select the forms to secure

Save: that’s it, the Cloudflare Turnstile security system is installed on your site!