We are aware of a potentially service impacting issue. Learn more

Files

File Cloudflare Turnstile for Divi Contact Forms ( last version 1.0.6 ) Cloudflare Turnstile for Divi Contact Forms A lightweight, privacy-friendly replacement for Google reCAPTCHA — built to work seamlessly with the standard Divi contact form module. This script integrates Cloudflare Turnstile into your Divi form, adding bot protection without relying on Google's tracking or heavy scripts. Features: - Works with the native Divi contact form (no extra plugins required) - Tested and confirmed to work with Divi 4 and Divi 5 - 100% free to use — both the script and Cloudflare Turnstile - Lightweight and privacy-respecting (no user tracking) - Simple setup using your Cloudflare site and secret keys Requirements: - A free Cloudflare account - Active Divi theme (Elegant Themes) Disclaimer - This script is provided as-is and without any warranty or liability. - While it has been tested and confirmed to work under standard configurations, results may vary depending on your WordPress setup, Divi version, or customizations. By downloading or using this script, you agree that 040Hosting and its developers are not responsible for any issues, damages, or losses arising from its use or misuse. Support is not included, but you are free to modify and adapt the script for your own use. Please do not republish or redistribute this script without including a clear link to 040Hosting.eu as the original source. Versions: 1.0.4 Initial production release 1.0.5 security updates 1.0.6 security updates Changelog 1.0.5 - CSRF Vulnerability in Form Submission (medium) - IP spoofing prevention (low) - Improved Response validation (low) - SSL Validation (low) - Improved Input validation (low) Changelog 1.0.6 - Form detection bypass fixed (high) — Turnstile is now enforced on every Divi contact form on a page, not just the first one. Previously a form that was not in the first position skipped verification entirely, allowing spam through. - Configurable Spam Detection Mode (Strict / Loose) — Strict (default) enforces verification on any Divi contact submission; Loose restores the previous first-form-only behaviour for rare compatibility cases. - Hostname pinning (high) — verified tokens are now rejected unless they were issued for your own site's domain, preventing tokens harvested on other sites from being replayed against your form. - Privacy: debug logging gated behind WP_DEBUG (low) — submitted names, emails and API responses no longer leak into debug.log on production sites. Love our plugin? maybe you also love our hosting at https://040hosting.eu ? Don't love our plugin? Let us know why.
Filesize: 9.01 kB
« Back