WordPress.org

Oluganda

Get WordPress
WordPress.org

Plugin Directory

OhmTang CFT

OhmTang CFT

By OhmΒ·Tang
Download

Description

OhmTang CFT is a comprehensive WordPress security plugin that seamlessly integrates Cloudflare Turnstile’s advanced CAPTCHA protection into your website. Say goodbye to traditional annoying CAPTCHAs and embrace a frictionless, privacy-focused security solution that effectively blocks bots while providing a smooth user experience. Completely free Cloudflare Turnstile integration for WordPress and WooCommerce – no premium features, no hidden costs, just powerful spam protection.

πŸ“’ DISCLAIMER: Trademarks and brands are the property of their respective owners.

πŸŽ›οΈ Granular Form Control

Individual Form Toggle and Each verification form supports custom error messages, allowing you to personalize the display when users fail the Turnstile challenge.- Complete Flexibility

Take full control over your security implementation with our granular form management system:

  • Per-Form Enable/Disable – Every supported form can be individually activated or deactivated
  • WordPress Core Forms:
    • βœ… Login Form – Toggle on/off
    • βœ… Registration Form – Toggle on/off
    • βœ… Lost Password Form – Toggle on/off
    • βœ… Comment Form – Toggle on/off ( on/off login or no login user)
  • WooCommerce Forms:
    • βœ… Login Form – Toggle on/off
    • βœ… Registration Form – Toggle on/off
    • βœ… Lost Password Form – Toggle on/off
    • βœ… Checkout Form (Support Full site editting Block Checkout page and Traditional Checkout page) – Toggle on/off ( on/off login or no login user)

🎯 Smart Conditional Protection

Intelligent Verification Based on User Status

Advanced conditional protection for better user experience:

  • Checkout Page Smart Settings:

    • πŸ”„ Option to skip verification for logged-in users – Provide seamless checkout experience for returning customers
    • πŸ”’ Always protect guest checkouts – Secure anonymous transactions
    • ⚑ Reduce friction for trusted customers while maintaining security

  • Comment Form Intelligent Protection:

    • πŸ”„ Toggle verification for logged-in users – Choose whether authenticated users need CAPTCHA
    • πŸ›‘οΈ Always protect guest comments – Prevent spam from anonymous visitors
    • πŸ“ Respect trusted commenters – Regular commentators can enjoy streamlined experience

  • Flexible User-Based Rules:

    • πŸŽͺ Customize protection based on user roles and status
    • πŸ” Balance security and usability intelligently
    • πŸ“Š Reduce unnecessary verification for trusted users

πŸ›‘οΈ Complete WordPress Core Protection

Protect every aspect of your WordPress site with comprehensive form security:

  • Login Security – Prevent brute force attacks on wp-login.php and admin areas (toggleable)
  • User Registration – Stop spam registrations and fake account creation (toggleable)
  • Comment Moderation – Eliminate spam comments automatically with smart user detection
  • Password Recovery – Secure lost password forms against abuse (toggleable)
  • Contact Forms – Compatible with popular contact form plugins
  • Your favorite Contact Forms – If you need to integrate your preferred form, contact me: [email protected]

πŸ›’ Advanced WooCommerce Integration

Secure your online store and protect your revenue with dedicated WooCommerce protection:

  • Checkout Security – Prevent fraudulent orders and fake transactions with smart user detection
  • Customer Registration – Ensure genuine customer accounts (toggleable)
  • Guest Checkout – Protect checkout process for all users with conditional logic
  • Login Forms – Secure customer login and authentication (toggleable)
  • Review Systems – Block fake product reviews and ratings

βš™οΈ Advanced Features & Customization

  • Smart Theme Options – Light, dark, and auto themes that adapt to your site design
  • Flexible Styles – Normal, Flexible and Compact 3 styles where Turnstile appears on each form
  • Granular Control – Enable/disable protection for individual forms with one click
  • Conditional Logic – Smart rules based on user login status
  • Performance Optimized – Minimal impact on page load times
  • Mobile Responsive – Perfectly adapted for all devices
  • Accessibility Ready – Designed with accessibility in mind

πŸ”§ Developer Friendly

  • Extensive hooks and filters for customization
  • Clean, well-documented codebase
  • WordPress coding standards compliant
  • Easy integration with custom themes and plugins
  • Comprehensive error logging and debugging

🌍 Multi-language Ready

  • Full translation support with .pot file

Why Cloudflare Turnstile?

  • User-Friendly – No annoying puzzles, image recognition, or text challenges
  • Privacy-First – GDPR compliant and privacy-respecting
  • Free Forever – Cloudflare’s free tier provides robust protection
  • Advanced Detection – Machine learning and behavioral analysis
  • Fast Implementation – Simple setup with Site Key and Secret Key

Experience the perfect balance of security and usability! With individual form controls and smart conditional protection, you can secure your site without frustrating your legitimate users.

Screenshots

  • WordPress login form enable OhmTang CFT
  • woocommerce my account page login form and register form
  • Woocommerce Full site editting Block Checkout page enable OhmTang CFT
  • Woocommerce Traditional Checkout page enable OhmTang CFT
  • Wordpress Comment Form enable OhmTang CFT
  • OhmTang CFT site key and secret key setting page
  • Woocommerce and WordPress Form Configuration
  • Woocommerce Review Form enable OhmTang CFT
  • WordPress lostpassword form enable OhmTang CFT
  • WordPress register form enable OhmTang CFT
  • Woocommerce lostpassword form enable OhmTang CFT

Installation

Automatic Installation

  1. Go to Plugins > Add New in your WordPress admin
  2. Search for “OhmTang CFT”
  3. Click “Install Now” and then “Activate”
  4. Go to OhmTang CFT settings page
  5. Configure your Cloudflare Turnstile keys

Manual Installation

  1. Upload the ohmtang-cft folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Go to OhmTang CFT settings page
  4. Configure your Cloudflare Turnstile keys

Configuration

  1. Get your free Site Key and Secret Key from Cloudflare Turnstile
  2. Go to WordPress Admin > OhmTang CFT
  3. Enter your Site Key and Secret Key in the API Settings section
  4. Navigate to Forms Settings tab to individually enable/disable each form
  5. Configure smart settings for checkout and comments (logged-in user options)
  6. Choose your preferred theme and appearance settings
  7. Save settings and test your protected forms

FAQ

Can I enable Turnstile only for specific forms?

Yes! Every form has its own toggle switch. You can enable protection for login forms but disable it for comments, or any combination you prefer.

How does the logged-in user protection work for checkout?

You can choose whether logged-in users need to complete verification during checkout. This allows returning customers to enjoy faster checkout while still protecting guest transactions.

Can I disable verification for trusted commenters?

Absolutely! The comment form has an option to skip verification for logged-in users, so your regular visitors aren’t bothered with CAPTCHA.

What if I only want to protect WooCommerce but not WordPress forms?

You have complete control! Simply enable the WooCommerce forms you want to protect and disable the WordPress core forms in the settings.

Is there a way to see which forms are currently protected?

Yes, the admin dashboard provides a clear overview of all enabled forms with quick toggle switches.

Does this plugin use any external services?

Yes, this plugin integrates with Cloudflare Turnstile, a free CAPTCHA alternative service provided by Cloudflare, Inc. Turnstile helps verify human users on forms (e.g., login, comments, WooCommerce checkout) without intrusive puzzles, improving security while minimizing user friction.

Turnstile is embedded via JavaScript widget and communicates with Cloudflare’s servers (challenges.cloudflare.com) for bot detection.

What data is sent to Cloudflare and when?

To provide bot detection, Turnstile collects and sends limited client-side signals (“Signals”) to Cloudflare only when necessary:

  • Data collected: Client IP address, TLS fingerprint, User-Agent header, sitekey (your site’s verification key), and origin domain. Additional non-interactive signals include proof-of-work/space, browser API probes, and behavior quirks (no cookies, login data, or personal identifiers are collected).

  • When sent:

    • On widget load: Initial signals to assess the browser environment.
    • On form submission: Verification token and response signals for siteverify check.

These signals are used solely for real-time bot blocking and algorithm improvement. Cloudflare acts as a data processor (you are the controller). No data is used for advertising or retargeting. Retention is minimal, aligned with security needs.

For EU/GDPR users: Data may be processed in the US under standard contractual clauses.

Privacy and Terms

For full details:
– Turnstile Privacy Addendum: https://www.cloudflare.com/trust-hub/gdpr/turnstile-privacy-addendum/
– Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/
– Cloudflare Website Terms: https://www.cloudflare.com/website-terms/
– Cloudflare Data Processing Addendum (GDPR): https://www.cloudflare.com/trust-hub/gdpr/

This plugin does not store or send additional data beyond what’s required for Turnstile integration. If you have privacy concerns, review Cloudflare’s policies or contact us.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“OhmTang CFT” is open source software. The following people have contributed to this plugin.

Contributors

Translate “OhmTang CFT” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.0

  • Initial release with comprehensive form protection
  • Individual enable/disable toggle for every supported form
  • Smart conditional protection for checkout pages (logged-in user options)
  • Intelligent comment form settings (logged-in user verification toggle)
  • Complete WordPress core forms integration
  • Full WooCommerce compatibility
  • Advanced admin dashboard with granular controls
  • Multi-language support
  • Developer-friendly hooks and filters

Meta

Ratings

No reviews have been submitted yet.

Yongera ko ekiteeso kyange

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum

Donate

Would you like to support the advancement of this plugin?

Donate to this plugin