Cloudflare Turnstile is a free CAPTCHA alternative that protects your forms from bots and spam without annoying real users. Most visitors will never see a challenge. It runs invisibly in the background and verifies that visitors are human.

1. Log in to your Cloudflare Dashboard at dash.cloudflare.com
2. Go to Turnstile in the left sidebar
3. Click "Add Site"
4. Enter your site name and domain: bestphuketguide.com
5. Select Managed widget mode (recommended, invisible for most users)
6. Click "Create"

After creating the widget, you will see two keys:

• Site Key (public): safe to use in frontend code
• Secret Key (private): NEVER expose to frontend

1. Go to Settings in your admin panel
2. Click the "Security" tab
3. Toggle "Enable Turnstile" ON
4. Paste your Site Key and Secret Key
5. Click "Save Security Settings"

Cloudflare provides test keys for local development:

• Widget not showing? Check that Turnstile is enabled in admin settings and the Site Key is correct.
• "Bot verification required" error? The widget did not generate a token. Try refreshing the page.
• "Bot verification failed" error? The Secret Key may be wrong or the token expired (tokens last 300 seconds).
• Works locally but not in production? Make sure the domain in Cloudflare Turnstile matches your production domain. Test keys only work on localhost.

Cloudflare Turnstile is completely free with unlimited verifications. No usage limits.