Cloudflare Turnstile for Prestashop

Turnstile is Cloudflare's smart CAPTCHA alternative. The module allows Turnstile to protect your Prestashop forms:

  • Contact
  • Login
  • Register
  • Reset password
  • Custom form

Cloudflare Turnstile for Prestashop


  • Prestashop >=
  • PHP >= 7.2.0


Download the file from the last release assets.


Go to the admin module catalog section and click Upload a module. Select the downloaded zip file.


Move the downloaded file in the Prestashop modules directory and unzip the archive. Go to the admin module catalog section and search for "Cloudflare Turnstile".


  • Sitekey: the sitekey given for the site in your Cloudflare dashboard
  • Secret key: the secret key given for the site in your Cloudflare dashboard
  • Theme: the Turnstile theme (auto, light or dark)
  • Forms to validate: the forms where a Turnstile validation is required

For the registration form, the widget is automatically added with a hook. For "contact", "login" and "reset password" forms, you need to manually add the widget in the template files, usually before the validation button.

Never select a form to validate without the widget in the form template.


{widget name='pixel_cloudflare_turnstile'}

Override the default configured theme by adding a theme option (auto, light or dark):

{widget name='pixel_cloudflare_turnstile' theme='dark'}

Override the default action name by adding an action option:

{widget name='pixel_cloudflare_turnstile' action='my-form'}


Form Template
Contact themes/{themeName}/modules/contactform/views/templates/widget/contactform.tpl
Login themes/{themeName}/templates/customer/_partials/login-form.tpl
Reset password themes/{themeName}/templates/customer/password-email.tpl

Protect a custom or third-party form

  1. Add the Cloudflare Turnstile widget in the Smarty form template:
{widget name='pixel_cloudflare_turnstile' action='custom-form'}
  1. In a module, add a new hook to call Turnstile validation on form post:
public function install(): bool
    return parent::install() &&

public function hookActionFrontControllerInitBefore(array $params): void
    $controllerClass = get_class($params['controller']);

    if ($controllerClass === 'MyFormController' && Tools::isSubmit('myForm')) {

If the validation fails, the customer is redirected to the previous page with an error message.


Use the following sitekeys and secret keys for testing purposes:


Sitekey Description
1x00000000000000000000AA Always passes
2x00000000000000000000AB Always blocks
3x00000000000000000000FF Forces an interactive challenge

Secret key

Secret key Description
1x0000000000000000000000000000000AA Always passes
2x0000000000000000000000000000000AA Always fails
3x0000000000000000000000000000000AA Yields a "token already spent" error


1.1.1 (17/02/20233)

  • Fix renew password form turnstile error

1.1.0 (14/10/2022)

  • Prestashop 8.0.0 compatibility

1.0.3 (17/10/2022)

  • Custom or third party form validation

1.0.2 (14/10/2022)

  • Update version and author name

  • Update readme

1.0.1 (14/10/2022)

  • First release
The module allows Turnstile to protect your Prestashop forms