Skip to content

Cloudflare Turnstile Implementation

VIDEO TRANSCRIPT | Recorded: 2025-08-22 | Verify against current system state

Abstract

Technical walkthrough of implementing Cloudflare Turnstile CAPTCHA on CraftCMS forms after a spam attack that resulted in over 2,000 spam emails. The solution uses Cloudflare Turnstile, which reduces user friction by verifying automatically when possible and only requiring interaction when necessary.

Key Procedures

  • Navigate to CraftCMS admin > Captchas
  • Configure Turnstile with site and secret keys (not shown for security)
  • Enable captcha globally (applies to all forms by default)
  • Configure per-form settings in Integrations section
  • Set theme (light/dark) and size (flexible)
  • Test form submission to verify implementation

Notable Statements

  • 0:00:00 "Last week, we had quite a bit of spam come through your system"
  • 0:00:13 "They've used Zendesk for a little bit, but Zendesk put a stop on it fairly quickly"
  • 0:00:25 "That was where we got a lot of, I think, over 2,000 spam emails that were coming to people"
  • 0:00:47 "We're using something called Cloudflare Turnstile, which is the same thing as captures"
  • 0:00:55 "It has some special things about it that will reduce the number of times it actually requires interaction"
  • 0:01:27 "Once that is in there and you've got it enabled, it actually just automatically gets applied to every single form"
  • 0:02:43 "It just says success because I've already done it. I didn't have to click it. I didn't have to do anything"
  • 0:03:08 "Sometimes you'll have to click the checkbox. There are other times you'll have to actually complete a recaptcha"
  • 0:03:29 "This is now added to each of our forms that exist on the AMP website by default"

Systems & Configurations

Systems Mentioned

  • CraftCMS (form management)
  • Cloudflare Turnstile (CAPTCHA service)
  • Zendesk (spam also attempted there)

Configuration Settings

Item Value/Setting Notes
Theme Light Alternative: dark
Size Flexible Can grow/shrink
Error message "Please verify you're not a robot" Default
Scope All forms by default Can be disabled per form
Status Enabled in Production and QA Working

Credentials/Access Mentioned

  • Cloudflare Turnstile secret keys (not shown)
  • CraftCMS admin access

Vendor Contacts Mentioned

None mentioned in this recording.

Errors & Troubleshooting

  • Issue: 2,000+ spam emails received
  • Cause: Attackers probing contact forms
  • Resolution: Implement Cloudflare Turnstile CAPTCHA
  • Timestamp: 0:00:25

Transcript Gaps & Quality Notes

  • Brief technical demo (4 minutes)
  • Secret keys intentionally hidden from screen
  • Form tested: Media Representation Report
  • Minimal interaction required for verified users