Issue #126 Loop WP

Privacy by Design - Website Forms and Cloudflare Turnstile

Hi, friend. 👋

Welcome to Issue #126 of Loop WP!

Last week, we continued our mini-series on WordPress Privacy by looking specifically at Termageddon.

This week, we conclude our series by looking at a practical example of “Privacy by Design,” which we briefly discussed in the first part of this mini-series.

Let’s go! 👇

Privacy by Design - Website Forms

🧠 Building a good website form can be tough enough:

  • How much data to gather?

  • How to make the form accessible?

  • How can you make completing the form easy (good UX)?

  • Are there any hidden fields and integrations?

  • What about security and bot protection?

That last point, friend, is where our Privacy by Design example comes into play.


Cloudflare announced Turnstile almost two years ago (I can’t believe it’s been that long). 🤯

TLDR: Turnstile is "a user-friendly, privacy-preserving alternative to CAPTCHA."

"Why Do I Need Turnstile?"

You might be asking yourself that question, friend, and here’s the answer. 👇

Chances are you are using Google reCAPTCHA on your website (or you’ve encountered a site that does), whether that be on a:

  • Login, Registration or Lost Password Form

  • Contact Form

  • Newsletter Sign-up

🚨 Google reCAPTCHA is the reason you need an alternative security method on your website.

Let's dig deeper 👇

Google reCAPTCHA and GDPR Compliance

🛑 Google reCAPTCHA is not GDPR compliant. If you use it on your website, you will be legally required to have:

  • A Privacy Policy

  • A Cookie Policy

What Data does Google reCAPTCHA Collect?

🤯 Part of the data that Google collects with reCAPTCHA is:

  • A complete snapshot of the user’s browser window at that moment in time

  • Browser plugins

  • All cookies placed by Google over the last six months

  • Number of mouse clicks/touches you’ve made on that screen

  • CSS information for that page

  • JavaScript objects

  • The date

  • The browser language

Cloudflare’s Turnstile Installation

In three easy steps, Cloudflare shows how to add Turnstile and replace your existing CAPTCHA service.

(Cloudflare offers a free plan and a series of paid plans. You only need the free plan to use Elliot’s plugin.)

🧠 Although the process is relatively easy (mostly copying and pasting code), it is easy for developers but not necessarily for end users, which creates a barrier to installing Turnstile or switching your website over to it.
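
The part of a manual Turnstile setup that actually stops bots is the server-side check of the token the widget submits, shown here as an added example (not code from Cloudflare or from the plugin covered below). The function names, the hostname `example.com`, the `example-*` error codes and the 300-second age limit are assumptions, and the sample responses are constructed.

```php
<?php
// Added example: not code from the Simple Cloudflare Turnstile plugin.
const TURNSTILE_VERIFY_URL = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';

// Policy check on a decoded siteverify response. $expected_host and
// $max_age are this example's own choices, not Cloudflare requirements.
function example_turnstile_accept(array $result, string $expected_host, int $now, int $max_age = 300): array {
    if (empty($result['success'])) {
        return [false, 'rejected: ' . implode(',', $result['error-codes'] ?? [])];
    }
    if (($result['hostname'] ?? '') !== $expected_host) {
        return [false, 'hostname mismatch']; // token was solved on another site
    }
    $solved = strtotime($result['challenge_ts'] ?? '');
    if ($solved === false || $now - $solved > $max_age) {
        return [false, 'stale challenge'];
    }
    return [true, 'ok'];
}

// Server-side call using the WordPress HTTP API. $token is the form field
// cf-turnstile-response that the widget adds to the submission.
function example_turnstile_verify(string $secret, string $token, string $remote_ip): array {
    $response = wp_remote_post(TURNSTILE_VERIFY_URL, [
        'timeout' => 10,
        'body'    => ['secret' => $secret, 'response' => $token, 'remoteip' => $remote_ip],
    ]);
    if (is_wp_error($response)) {
        return ['success' => false, 'error-codes' => ['example-network-error']]; // fail closed
    }
    $decoded = json_decode(wp_remote_retrieve_body($response), true);
    return is_array($decoded) ? $decoded : ['success' => false, 'error-codes' => ['example-bad-json']];
}

// Constructed sample responses (not real Cloudflare output) so the policy runs offline.
$now = strtotime('2024-09-10T12:02:00Z');
$samples = [
    'valid'      => ['success' => true, 'hostname' => 'example.com', 'challenge_ts' => '2024-09-10T12:00:30Z'],
    'reused'     => ['success' => false, 'error-codes' => ['timeout-or-duplicate']],
    'wrong site' => ['success' => true, 'hostname' => 'other.example', 'challenge_ts' => '2024-09-10T12:00:30Z'],
    'too old'    => ['success' => true, 'hostname' => 'example.com', 'challenge_ts' => '2024-09-10T11:00:00Z'],
];
foreach ($samples as $label => $sample) {
    [$ok, $why] = example_turnstile_accept($sample, 'example.com', $now);
    printf("%-10s %s (%s)\n", $label, $ok ? 'accept' : 'reject', $why);
}
```

Inside WordPress, pass the result of `example_turnstile_verify()` to `example_turnstile_accept()` before processing the form, and keep the secret key on the server only.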

Enter "Simple Cloudflare Turnstile"

⚡️ I install it on every website I work with, and it has grown to 50,000+ installs and a 4.7 ⭐️ rating in the repository.

As the plugin's name suggests, setup is simple, and it is even more straightforward if you already have a Cloudflare account.

Since Elliot released the free plugin, it has been under a rapid development cycle.

It's a joy to see.

💡 All you need to get Turnstile working in three easy steps:

  1. Activate Turnstile in your Cloudflare account and grab your API Keys.

  2. Install the Simple Cloudflare Turnstile plugin.

  3. Add your Cloudflare Turnstile API keys to the plugin, and you're done!

Elliot has a simple guide to the above process on his website, but you probably won't even need it.

Integrations and Support

⚒️ Currently, the Simple Cloudflare Turnstile integrates with:

The plugin is compatible with WordPress Multisite and most two-factor authentication (2FA) plugins.

🎉 Support responses and fixes are fast, which is terrific, and this has been the case since the plugin launched.

hCaptcha Alternative

If you don’t want to use Cloudflare, hCaptcha is one alternative that you should consider.

It is a privacy- and security-focused alternative to Google reCAPTCHA, with a free plan.

hCaptcha complies with GDPR, CCPA, LGPD, PIPL, and other global data laws.

With an official plugin available on WordPress.org and integrations with form plugins like Forminator, it is an excellent alternative to Google Analytics.

That’s it for this Week 👋

⏭️ Next week is currently up in the air, but I might do a round-up of WordCamp US.

🤔 Although I am at a conference on Friday, something might come up there.

😃 I always enjoy a mini-series, and I will do another one soon. Please reply to this email, friend, and let me know what you want the next mini-series to be on.

Weekly WordPress News & Tips

WordPress News & Tips are back, offering excellent and insightful content this week!

  • Eye-Catching - Build Engaging Hero Sections with Video & Mesh Gradients (WP Tuts)

  • Early Access - An EDD rival? - Easily sell access or updates to files or software Licensing for WooCommerce. (Kestrel)

  • Powerful & Free - Website security checks – WP-CLI for site owners and administrators. (WordPress)

  • Free Plan Changes - If you are on a Cloudflare Free Plan, you might want to disable Speculative Loading and RUM. Here’s why (and more in the comments). (Brian Jackson)

  • Research & Feedback - Woo is at WordCamp US 2024! - make sure you visit their booth! (WooCommerce)

  • Team Performance - Experimental Health Dashboards to Track WordPress Team Progress and Stats (WP Tavern)

  • Security - Introducing the Patchstack VDP platform. (Patchstack)

  • Don’t Overlook - Freelancer Opportunities in WordPress w/ Kurt von Ahnen. (The WP Minute)

  • Call for Speakers - WooSesh 2024 Scheduled for October 29 and 30. (WP Tavern)

If you have a question about this email or WordPress, reply, and I will answer you as soon as possible.

👋 Until next time,

Simon Harper