Cloudflare CAPTCHA

How to Add Cloudflare CAPTCHA on WordPress

Posted on by Prakash Tiwari

If you’re dealing with spam, bots, or malicious traffic, adding a Cloudflare CAPTCHA to your WordPress site is an effective way to protect it. CAPTCHA challenges verify that the visitor is real and not an automated bot. This simple security step can reduce fake logins, form spam, and unwanted traffic.

In this guide, you’ll learn how to add Cloudflare CAPTCHA to WordPress

What Is Cloudflare CAPTCHA?

Cloudflare CAPTCHA is a security check that requires users to complete a challenge—like identifying images or clicking a checkbox—to prove they’re human. It helps filter out automated bots while allowing real users to continue without issues.

How to Add Cloudflare CAPTCHA to WordPress

You can add Cloudflare CAPTCHA using Cloudflare settings, Page Rules, Firewall Rules, or WordPress plugins. Let’s walk through each method step-by-step.

1. Add CAPTCHA Using Cloudflare Firewall Rules

Cloudflare’s Firewall Rules let you display a CAPTCHA based on specific conditions, such as country, IP, or URL.

Steps to Add Cloudflare CAPTCHA with Firewall Rules

  1. Log in to Cloudflare
  2. Select Your Site
    • From the dashboard, click on your website.
  3. Go to Firewall Rules
    • Click on Security in the left sidebar.
    • Select WAF (Web Application Firewall) and then Firewall Rules.
  4. Create a New Firewall Rule
    • Click Create a Firewall Rule.
    • Name the rule (e.g., “Add CAPTCHA for Login Page”).
  5. Set Conditions
    • In the condition field, set the rule based on what you want to protect.
      Example conditions:

      • URL Path equals /wp-login.php (for the login page).
      • Country equals a specific country (if you want CAPTCHA for visitors from certain countries).
  6. Set the Action
    • Choose Managed Challenge (CAPTCHA) from the action options.
  7. Save and Deploy
    • Click Save to activate the rule.

2. Add CAPTCHA Using Cloudflare Page Rules

If you prefer a simpler setup, you can use Page Rules to add CAPTCHA to specific parts of your site.

Steps to Add CAPTCHA with Page Rules

  1. Log in to Cloudflare
  2. Go to Page Rules
    • In the Cloudflare dashboard, select Page Rules from the left menu.
  3. Create a New Rule
    • Click Create Page Rule.
  4. Enter the URL Path
    • Enter the URL where you want the CAPTCHA (e.g., https://yoursite.com/wp-login.php).
  5. Choose Security Level
    • Set the Security Level to I’m Under Attack!
  6. Save and Activate
    • Click Save and Deploy.

3. Add CAPTCHA to Forms Using WordPress Plugins

You can use a WordPress plugin to display CAPTCHA on specific forms (e.g., login, registration, or contact forms).

Recommended Plugins

  • Cloudflare Turnstile
  • reCAPTCHA by BestWebSoft
  • WPForms (with CAPTCHA integration)

Steps to Add CAPTCHA Using Cloudflare Turnstile Plugin

  1. Install the Plugin
    • Go to Plugins > Add New in your WordPress dashboard.
    • Search for Cloudflare Turnstile and click Install Now.
    • Activate the plugin.
  2. Get Cloudflare API Keys
    • In your Cloudflare dashboard, navigate to Turnstile (under Security).
    • Generate a Site Key and Secret Key.
  3. Add the Keys to WordPress
    • Go to the plugin settings in WordPress.
    • Enter the Site Key and Secret Key.
  4. Enable CAPTCHA for Forms
    • Choose where you want the CAPTCHA to appear (e.g., login, registration, or comment forms).
    • Save the settings.

4. Add CAPTCHA Using .htaccess

For those comfortable editing files, you can add a CAPTCHA challenge using the .htaccess file.

Steps to Add CAPTCHA via .htaccess

  1. Access Your Site Files
    • Log in to your hosting dashboard or use an FTP client.
    • Open the .htaccess file in the root directory.

Add Cloudflare Challenge Code
Add the following lines:

<Files wp-login.php>

order deny,allow

allow from 192.0.2.0

deny from all

ErrorDocument 403 /captcha-page.html

</Files>

  1. Replace 192.0.2.0 with your IP to allow yourself access without CAPTCHA.
  2. Save and Test
    • Save the file and check your login page to ensure the CAPTCHA appears.

5. Add CAPTCHA for Specific Countries

You can block spammy traffic from specific countries using Cloudflare’s Firewall Rules.

Steps to Add CAPTCHA for Specific Countries

  1. Log in to Cloudflare
  2. Go to Firewall Rules
  3. Create a New Rule
    • Set the condition to Country equals the country you want to target.
  4. Choose Managed Challenge (CAPTCHA)
  5. Save and Deploy

Cloudflare will now show CAPTCHA to visitors from those countries.

Conclusion

Adding Cloudflare CAPTCHA to WordPress helps protect your site from spam, bots, and unwanted traffic. You can use firewall rules, page rules, or plugins to display CAPTCHA on specific pages and forms or for visitors from certain countries.

If you want a quick setup, use the Page Rules option. For more control, Firewall Rules and plugins offer flexible options. Following this guide can enhance your site’s security and stop bots from ruining your WordPress experience.