WP Login Turnstile Integration

AI Verified

Name

About

Integrates Cloudflare Turnstile Captcha with your WP Login page

Language

PHP

Rating

Voted: 1 by 1 user(s)

Codevault

Super-Snippet-Storage

Scroll down to see more snippets from this codevault.

Wordpress Compatability

The author has indicated that this snippet is compatable up to wordpress version: Not Specified

Our AI bot has checked this snippet is compatable up to wordpress version: 6.1

Code Snippet Plugin Sync

Free & Pro

Download this snippet by clicking the download button, then head over to the Code Snippet Plugin settings in your wordpress admin dashboard, select the import menu then upload this file to import into your wordpress site.

Pro Only (Coming Soon)

You will be able to click a button and sync this snippet to your wordpress site automatically and from your dashboard manage all code snippets across all your wordpress sites that have the Code Snippets Pro plugin installed.

History

Last modified:

06/07/2024

Important Note

This snippet has the following status:

AI Verified

This snippet has been tested by our AI bot, see any comments below.

Learn More

AI Bot Comments:

Potential vulnerability found : Hardcoded Credential
Found on line : 53
Code : ($secret_key="YOUR_SECRET_KEY")
Vulnerable line : 53
Code : $secret_key="YOUR_SECRET_KEY"

Found 1 vulnerabilities

 
                     1/**
 2 * Cloudflare Turnstile Integration for WordPress Login
 3 *
 4 * This code snippet integrates Cloudflare Turnstile into the WordPress login page,
 5 * adding a CAPTCHA-like challenge to protect against bots and automated login attempts.
 6 * The script enqueues the necessary Turnstile API script and adds custom CSS to ensure
 7 * the Turnstile widget fits the login form. It also verifies the Turnstile token during
 8 * login attempts to confirm the challenge was passed.
 9 *
10 * The Site Key and Secret Key are hardcoded in the functions below. To set up Turnstile for your site:
11 * - Sign up or log in to your Cloudflare account.
12 * - Navigate to the Turnstile section and set up Turnstile for your site.
13 * - Cloudflare will provide you with a Site Key and a Secret Key.
14 * - Replace the placeholder keys in the functions with the keys provided by Cloudflare.
15 *
16 * Note:
17 * The Secret Key is used for server-side token verification and must be kept private.
18 * Do not expose this key in any client-side code or public repositories.
19 *
20 * Author: Mark Harris
21 * URI: https://www.christchurchwebsolutions.co.uk
22 */
23 
24 
25// Enqueue Turnstile script on the WordPress login page
26function enqueue_turnstile_script_for_login()
27{
28    wp_enqueue_script(
29        "cloudflare-turnstile",
30        "https://challenges.cloudflare.com/turnstile/v0/api.js",
31        [],
32        null,
33        true
34    );
35    // Inline custom CSS to ensure Turnstile widget fits within the login box
36    wp_add_inline_style(
37        "login",
38        ".cf-turnstile { max-width: 100%; box-sizing: border-box; } .cf-turnstile iframe { width: 100% !important; }"
39    );
40}
41add_action("login_enqueue_scripts", "enqueue_turnstile_script_for_login");
42 
43// Add the Turnstile widget to the login form with hardcoded site key and theme
44function add_turnstile_to_wp_login_form()
45{
46    echo '<div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY" data-theme="light"></div>';
47}
48add_action("login_form", "add_turnstile_to_wp_login_form");
49 
50// Implement the token verification function
51function verify_turnstile_token($token)
52{
53    $secret_key = "YOUR_SECRET_KEY";
54    $response = wp_remote_post(
55        "https://challenges.cloudflare.com/turnstile/v0/siteverify",
56        [
57            "body" => [
58                "secret" => $secret_key,
59                "response" => $token,
60            ],
61        ]
62    );
63 
64    if (is_wp_error($response)) {
65        return false;
66    }
67 
68    $body = wp_remote_retrieve_body($response);
69    $result = json_decode($body, true);
70 
71    return $result["success"] ?? false;
72}
73 
74// Verify Turnstile token on login attempt
75function verify_turnstile_on_login($user, $password)
76{
77    if (isset($_POST["cf-turnstile-response"])) {
78        $token = $_POST["cf-turnstile-response"];
79        $verify = verify_turnstile_token($token);
80 
81        if (!$verify) {
82            return new WP_Error(
83                "turnstile_failed",
84                __(
85                    "<strong>ERROR</strong>: Please pass the security challenge.",
86                    "textdomain"
87                )
88            );
89        }
90    }
91 
92    return $user;
93}
94add_filter("wp_authenticate_user", "verify_turnstile_on_login", 10, 2);

Related Snippets

Please see some snippets below related to this snippet..

General

AI Verified

Admin CSS on free snippets

Added: 3 months ago

Last Updated: 2 months ago

View

General

AI Verified

WordPress Page/Post Revisions Limit

Added: 10 months ago

Last Updated: 1 month ago

Sets a cap on the number of revisions saved for both posts and pages in WordPress, helping to manage database storage efficiently. Adjust the number in the snippet to control the maximum revisions kep...

View

General

AI Verified

Delete WP Automatically Generated Images (not tested and audited yet)

Added: 9 months ago

Last Updated: 2 months ago

Delete from the database the images that WP automatically generated from uploaded images

View

Other Snippets in this Codevault

These are some popular snippets from this users codevault..

General

AI Verified

Convert To WebP

Added: 9 months ago

Last Updated: 1 week ago

<p>Snippet to convert JPG / PNG / Gif to WebP automatically on upload. Used GD or ImageMagick</p>

View

WordPress Admin

AI Verified

Really Simple Duplications

Added: 10 months ago

Last Updated: 7 months ago

A snippet to duplicate posts and pages and CPTS.

View

General

AI Verified

WP-Admin ChatGPT

Added: 6 months ago

Last Updated: 4 months ago

View