The Problem
reCAPTCHA isn’t stopping spam
Over the last few months, we’ve had a number of clients complaining that, despite their forms all having reCAPTCHA enabled and anti-spam honeypot, automated comment bots had begun flooding their forms with spam submissions.
We looked into why reCAPTCHA – supposedly the industry standard – was failing. Community reports confirmed what we were seeing: more sophisticated bots are now bypassing reCAPTCHA’s acceptance criteria and flooding sites with spam.
The Alternative
Meet Cloudflare Turnstile
So what’s the alternative? That’s when we discovered Cloudflare Turnstile – their own CAPTCHA solution that works quietly in the background and feels just like reCAPTCHA v3.
How It Works
Turnstile leverages Cloudflare’s distributed network to challenge browsers before the pages even load, so when the form is ready to be submitted the Turnstile ‘captcha’ is pre-authorised.
What We’ve Seen
It might be anecdotal, but every client we’ve set up with Turnstile has seen a near-immediate resolution in the amount of spam they’ve received.
How to Switch
It’s easy to set up. It only takes around one hour to install the plugin for it (Gravity Forms comes with it ready to go), set up configuration keys within Cloudflare, pair the widget with your domain name, and then update your forms: replacing reCAPTCH with Turnstile.
Let us know if you’d like to switch over. If you’re a client, speak with your account manager (or just log a ticket).
If you’re not a client, drop us a line – we’d love to help!
