Turnstile Invisible CAPTCHA

• Version:
  1.0.0 (04/18/2023)
• PrestaShop Compatibility:
  v1.7.4.x -> v8.0.x
• Translations:
  

Replace CAPTCHAs with Cloudflare Turnstile!

The security of your data entry forms is essential to protect you from various cyber attacks (bruteforce, DDoS, ...) and avoid the generation of fake accounts, spam, phishing, ...

CAPTCHAs were developed to combat these attacks: in order for the data in a CAPTCHA-protected form to be sent, the user must first pass a small visual challenge, which only a human can solve. This allows to determine in an automated way if the user is a human being and thus to block the access to robots. With the evolution of technology and the improvement of robots, tests have been perfected in recent years, like Google's reCAPTCHA. Solving puzzles, recognizing texts or images, logic questions, etc... the tests have become more and more complex to ensure ever greater security.

However, CAPTCHA and reCAPTCHA tests have several major drawbacks:

• They negatively affect the user experience by slowing down the navigation: CAPTCHAs are obstacles that the visitor is forced to solve. They block the buyer's journey and make him lose time. Moreover, these tests are not necessarily very clear and are not accessible to everyone, especially to people with visual impairments. This generates frustration that can be disheartening and lead to the pure and simple abandonment of the web page and the site in question.

• Some CAPTCHAS, and in particular Google's reCAPTCHA, do not respect the privacy of users and are therefore illegal under the GDPR. The CNIL has condemned Google for using these tests to, among other things, collect sensitive information without authorization and transmit it outside the EU (such as users' identifiers, contact details or browsing history) or to set cookies for advertising purposes.

So how to secure your site against robots while ensuring an optimal user experience and protection of personal data?

THE SOLUTION: Cloudflare has implemented the Turnstile technology, which is free, non-intrusive, accessible to everyone and whose sole purpose is to secure your site against robot attacks. Our Turnstile Invisible CAPTCHA module automatically installs the Cloudflare script into your templates, without overrides, allowing you to secure all your forms with this smart alternative to traditional CAPTCHA and Google reCAPTCHA.

Cloudflare Turnstile advantages

Cloudflare's Turnstile technology offers great benefits:

• A frustration-free user experience: Tests are transparent to users: no puzzles or challenges to solve, tests run in the background and do not disrupt the user experience. They work thanks to non-interactive JavaScript tests that are responsible for detecting the user's human behavior (analysis of the visitor's or browser's singular behaviors).

• A technology adapted to all, regardless of their physical and cognitive abilities.

• A GDPR compliant technology: no collection of sensitive data, no placement of cookies, no transfer of information outside the European Union. Turnstile only consults session data to validate the user's human behavior and relies on data from device manufacturers or machine learning models. Concerned about data privacy, Turnstile never looks for cookies (like a login cookie), nor does it use cookies to collect or store any information.

• Free and available to everyone, whether or not you are a Cloudflare customer: Cloudflare Turnstile's sole purpose is to secure applications and websites. Even if you are not a Cloudflare customer, you can still use their secure form technology for your website. All you have to do is create a free account on their website.

Automatic installation of the security code and without overrides

No templates to modify manually, the module takes care of everything! Just install the module, enter the secret keys available in your Cloudflare account and select the forms you want to secure. It's that easy.

The module is also free of overrides.

What your customers will like

Your customers will no longer be frustrated by having to solve challenges before they can log in to their customer account, contact you or sign up for your newsletter. This represents a significant time saving and they will be more likely to come back to your store.

Features

AUTOMATIC INSTALLATION OF THE SECURITY CODE AND WITHOUT OVERRIDES

The module is free of overrides and automatically installs the Clouflare Turnstile script into your form templates. So you don't have to modify the code yourself.

After creating a free account on the Cloudflare website, the configuration of the module is very simple. You just need to enter your sitekey and your secret key available in your Cloudflare account, then select the forms you want to secure.

List of forms that can be secured:

Back-office side:

• Back-office login form
• "Forgot password" form

Front-office side:

• Customer account creation form
• Customer login form
• "Forgot password" form
• Contact form
• "Order as a guest" form
• Newsletter registration form
• Sign-up form for a product availability alert

You also have the option to:

• disable Turnstile security for already logged in customers
• whitelist IP addresses

NON-INTERACTIVE OR INTERACTIVE BUT NON-INTRUSIVE CONTROL

In most cases, the test will be completely transparent for the user who will not have to perform any action. In case of doubt about the human character of the user, he will simply have a box to check (1 second test against 32 seconds for the classic CAPTCHA).

GDPR COMPLIANT

The module uses Turnstile technology by Cloudflare, which is GDPR compliant. No collection of sensitive data on your users, nor setting of cookies is made during the tests.

Recommendations

• Prerequisite: The use of the module requires the free creation of an account on the Cloudflare website in order to get the secret keys to use the API.
  
  
• Note: Regarding the contact form, newsletter registration and product availability alert, our module is only compatible with native PrestaShop modules.
  
  
• Work in complete safety: In order to ensure the compatibility of the Turnstile Invisible CAPTCHA module with the rest of your installed modules, we recommend to firstly install the module in a pre-production environment. Our Parachute service allows you to easily duplicate your shop on a test environment and secure your production releases, come and discover it! For example, you can test the integration of the Turnstile Invisible CAPTCHA module with your PrestaShop theme in complete security.