Xtreme TurnstileGetting Started

Getting Your Turnstile API Keys

Create a Free Cloudflare Account

If you do not already have a Cloudflare account, sign up at cloudflare.com. You do not need to transfer your domain's DNS to Cloudflare — Turnstile works independently.

Navigate to Turnstile

  1. Log in to the Cloudflare dashboard.
  2. In the left sidebar, click Turnstile.
  3. Click the Add Site button.

Configure Your Widget

Fill in the following fields:

  • Site Name — A label for your reference (e.g., "My WordPress Site").
  • Domain — Enter your website's domain (e.g., example.com). You can add multiple domains if you run staging and production environments.
  • Widget Mode:

- Managed — Cloudflare decides when to show a visible challenge. This is the recommended mode for most sites.

- Non-interactive — The challenge is always invisible. Best user experience, slightly less protection against sophisticated bots.

- Invisible — Completely hidden from the user. Runs entirely in the background.

Copy Your Keys

After clicking Create, Cloudflare generates two keys:

  • Site Key (public) — This is embedded in your page's HTML. It is safe to expose.
  • Secret Key (private) — This is used for server-side verification. Keep it confidential.

Copy both keys. You will paste them into the Xtreme Turnstile settings page in WordPress.

Multiple Sites

You can create separate Turnstile widgets for each domain, or use one widget with multiple domains added. Using one widget simplifies key management; using separate widgets gives you per-site analytics in the Cloudflare dashboard.

Next Step

Head to Configuring Turnstile Settings to enter your keys in WordPress and choose which forms to protect.