- Home
-
Store
- Browse All
- Buy Dedicated Servers
- Buy Shared Hosting
- Buy Reseller Hosting
- Buy Optimized Wordpress
- Buy Optimized Joomla!
- Buy Elasticsite Hosting
- Shared Hosting
- Shared Cloud Hosting
- Reseller Hosting
- Optimized WP or Joomla Hosting
- Managed Dedicated Cloud Hosting
- Imunify360
- Logo Design Service
- Node Ping Monitoring
- Content Support
- eM Client
- NextCloud Storage Share
- 040Pro Services
- SEO Tools
- VPN
- Professional Email
- Site & Server Monitoring
- SocialBee
- Register a New Domain
- Transfer Domains to Us
- Announcements
- Knowledgebase
- Network Status
- Contact Us
-
More
Cloudflare Turnstile for Divi Contact Forms ( last version 1.0.6 )
Cloudflare Turnstile for Divi Contact Forms
A lightweight, privacy-friendly replacement for Google reCAPTCHA — built to work seamlessly with the standard Divi contact form module.
This script integrates Cloudflare Turnstile into your Divi form, adding bot protection without relying on Google's tracking or heavy scripts.
Features:
- Works with the native Divi contact form (no extra plugins required)
- Tested and confirmed to work with Divi 4 and Divi 5
- 100% free to use — both the script and Cloudflare Turnstile
- Lightweight and privacy-respecting (no user tracking)
- Simple setup using your Cloudflare site and secret keys
Requirements:
- A free Cloudflare account
- Active Divi theme (Elegant Themes)
Disclaimer
- This script is provided as-is and without any warranty or liability.
- While it has been tested and confirmed to work under standard configurations, results may vary depending on your WordPress setup, Divi version, or customizations. By downloading or using this script, you agree that 040Hosting and its developers are not responsible for any issues, damages, or losses arising from its use or misuse. Support is not included, but you are free to modify and adapt the script for your own use.
Please do not republish or redistribute this script without including a clear link to 040Hosting.eu as the original source.
Versions:
1.0.4 Initial production release
1.0.5 security updates
1.0.6 security updates
Changelog 1.0.5
- CSRF Vulnerability in Form Submission (medium)
- IP spoofing prevention (low)
- Improved Response validation (low)
- SSL Validation (low)
- Improved Input validation (low)
Changelog 1.0.6
- Form detection bypass fixed (high) — Turnstile is now enforced on every Divi contact form on a page, not just the first one. Previously a form that was not in the first position skipped verification entirely, allowing spam through.
- Configurable Spam Detection Mode (Strict / Loose) — Strict (default) enforces verification on any Divi contact submission; Loose restores the previous first-form-only behaviour for rare compatibility cases.
- Hostname pinning (high) — verified tokens are now rejected unless they were issued for your own site's domain, preventing tokens harvested on other sites from being replayed against your form.
- Privacy: debug logging gated behind WP_DEBUG (low) — submitted names, emails and API responses no longer leak into debug.log on production sites.
Love our plugin? maybe you also love our hosting at https://040hosting.eu ?
Don't love our plugin? Let us know why.