diff --git a/Lib/WeDevs_Settings_API.php b/Lib/WeDevs_Settings_API.php
index 7a5cd9ad5..9f3098aa8 100644
--- a/Lib/WeDevs_Settings_API.php
+++ b/Lib/WeDevs_Settings_API.php
@@ -140,6 +140,7 @@ function admin_init() {
                     'max'               => isset( $option['max'] ) ? $option['max'] : '',
                     'step'              => isset( $option['step'] ) ? $option['step'] : '',
                     'is_pro_preview'    => ! empty( $option['is_pro_preview'] ) ? $option['is_pro_preview'] : false,
+                    'depends_on'        => ! empty( $option['depends_on'] ) ? $option['depends_on'] : '',
                 );
 
                 add_settings_field( $section . '[' . $option['name'] . ']', $option['label'], (isset($option['callback']) ? $option['callback'] : array($this, 'callback_' . $type )), $section, $section, $args );
@@ -173,14 +174,17 @@ public function get_field_description( $args ) {
      * @param array   $args settings field args
      */
     function callback_text( $args ) {
-
         $value       = esc_attr( $this->get_option( $args['id'], $args['section'], $args['std'] ) );
         $size        = isset( $args['size'] ) && !is_null( $args['size'] ) ? $args['size'] : 'regular';
         $type        = isset( $args['type'] ) ? $args['type'] : 'text';
         $placeholder = empty( $args['placeholder'] ) ? '' : ' placeholder="' . $args['placeholder'] . '"';
         $disabled    = ! empty( $args['is_pro_preview'] ) && $args['is_pro_preview'] ? 'disabled' : '';
+        $depends_on  = ! empty( $args['depends_on'] ) ? $args['depends_on'] : '';
 
-        $html        = sprintf( '<input type="%1$s" class="%2$s-text" id="%3$s[%4$s]" name="%3$s[%4$s]" value="%5$s"%6$s %7$s/>', $type, $size, $args['section'], $args['id'], $value, $placeholder, $disabled );
+        $html        = sprintf(
+            '<input type="%1$s" class="%2$s-text" id="%3$s[%4$s]" name="%3$s[%4$s]" value="%5$s"%6$s %7$s data-depends-on="%8$s" />',
+            $type, $size, $args['section'], $args['id'], $value, $placeholder, $disabled, $depends_on
+        );
         $html       .= $this->get_field_description( $args );
 
         if ( ! empty( $args['is_pro_preview'] ) && $args['is_pro_preview'] ) {
@@ -460,6 +464,38 @@ function callback_color( $args ) {
         echo $html;
     }
 
+    /**
+     * Displays a toggle field for a settings field
+     *
+     * @param array   $args settings field args
+     */
+    public function callback_toggle( $args ) {
+        $value    = esc_attr( $this->get_option( $args['id'], $args['section'], $args['std'] ) );
+        $disabled = ! empty( $args['is_pro_preview'] ) && $args['is_pro_preview'] ? 'disabled' : '';
+        $name = $args['section'] . '[' . $args['id'] . ']';
+        ?>
+        <fieldset>
+            <label for="<?php echo 'wpuf-' . $name; ?>" class="wpuf-toggle-switch">
+                <input
+                    type="hidden"
+                    name="<?php echo $name; ?>"
+                    value="off" />
+                <input
+                    type="checkbox"
+                    <?php echo $value === 'on' ? 'checked' : ''; ?>
+                    <?php echo $disabled ? 'disabled' : ''; ?>
+                    id="<?php echo 'wpuf-' . $name; ?>"
+                    name="<?php echo $name; ?>"
+                    class="wpuf-toggle-module checkbox"
+                    value="on">
+                <span class="slider round"></span>
+            </label>
+        </fieldset>
+
+        <?php echo $args['desc']; ?>
+        <?php
+    }
+
     /**
      * Sanitize callback for Settings API
      *
@@ -673,6 +709,44 @@ function(){
 
                 // disable the pro preview checkboxes
                 $('span.pro-icon-title').siblings('input[type="checkbox"]').prop('disabled', true);
+
+                var fields = $('table.form-table input, table.form-table select, table.form-table textarea');
+
+                // iterate over each field and check if it depends on another field
+                fields.each(function() {
+                    var $this = $(this);
+                    var data_depends_on = $this.data('depends-on');
+
+                    if (!data_depends_on) {
+                        return;
+                    }
+
+                    var $depends_on = $("input[id*='"+ data_depends_on +"']");
+                    var $depends_on_type = $depends_on.attr('type');
+
+                    if ($depends_on_type === 'checkbox') {
+                        if ($depends_on.is(':checked')) {
+                            $this.closest('tr').show();
+                        } else {
+                            $this.closest('tr').hide();
+                        }
+                        $depends_on.on('change', function() {
+                            if ($(this).is(':checked')) {
+                                $this.closest('tr').show();
+                            } else {
+                                $this.closest('tr').hide();
+                            }
+                        });
+                    } else {
+                        $depends_on.on('keyup change', function() {
+                            if ($(this).val() === $this.data('depends-on-value')) {
+                                $this.closest('tr').show();
+                            } else {
+                                $this.closest('tr').hide();
+                            }
+                        });
+                    }
+                });
             });
         </script>
 
diff --git a/admin/form-builder/assets/js/components/form-cloudflare_turnstile/index.js b/admin/form-builder/assets/js/components/form-cloudflare_turnstile/index.js
new file mode 100644
index 000000000..1de5a8a4b
--- /dev/null
+++ b/admin/form-builder/assets/js/components/form-cloudflare_turnstile/index.js
@@ -0,0 +1,36 @@
+/**
+ * Field template: Cloudflare Turnstile
+ */
+Vue.component('form-cloudflare_turnstile', {
+    template: '#tmpl-wpuf-form-cloudflare_turnstile',
+
+    mixins: [
+        wpuf_mixins.form_field_mixin
+    ],
+
+    computed: {
+        has_turnstile_api_keys: function () {
+            return wpuf_form_builder.turnstile_site && wpuf_form_builder.turnstile_secret;
+        },
+
+        no_api_keys_msg: function () {
+            return wpuf_form_builder.field_settings.turnstile.validator.msg;
+        },
+
+        turnstile_image: function () {
+            var base_url = wpuf_form_builder.asset_url + '/images/cloudflare-placeholder-';
+
+            if (this.field.turnstile_theme === 'dark') {
+                base_url += 'dark';
+            } else {
+                base_url += 'light';
+            }
+
+            if (this.field.turnstile_size === 'compact') {
+                base_url += '-compact';
+            }
+
+            return base_url + '.png';
+        }
+    }
+});
diff --git a/admin/form-builder/assets/js/components/form-cloudflare_turnstile/template.php b/admin/form-builder/assets/js/components/form-cloudflare_turnstile/template.php
new file mode 100644
index 000000000..6eb749161
--- /dev/null
+++ b/admin/form-builder/assets/js/components/form-cloudflare_turnstile/template.php
@@ -0,0 +1,12 @@
+<div class="wpuf-fields">
+    <template v-if="!has_turnstile_api_keys">
+        <p v-html="no_api_keys_msg"></p>
+    </template>
+
+    <template v-else>
+        <img
+            class="wpuf-turnstile-placeholder"
+            :src="turnstile_image"
+            alt="">
+    </template>
+</div>
diff --git a/admin/form-builder/assets/js/mixins/global.js b/admin/form-builder/assets/js/mixins/global.js
index 60ecffd03..0482a6834 100644
--- a/admin/form-builder/assets/js/mixins/global.js
+++ b/admin/form-builder/assets/js/mixins/global.js
@@ -44,6 +44,10 @@ Vue.mixin({
             return (wpuf_form_builder.recaptcha_site && wpuf_form_builder.recaptcha_secret) ? true : false;
         },
 
+        has_turnstile_api_keys: function () {
+            return wpuf_form_builder.turnstile_site && wpuf_form_builder.turnstile_secret;
+        },
+
         containsField: function(field_name) {
             var self = this,
                 i = 0;
diff --git a/assets/css/admin.css b/assets/css/admin.css
index bfd70f2d3..27f72c7db 100644
--- a/assets/css/admin.css
+++ b/assets/css/admin.css
@@ -944,6 +944,50 @@ span.pro-icon:hover .wpuf-pro-field-tooltip {
 .wrap h2.with-headway-icon #HW_frame_cont {
   top: 78px !important;
 }
+.wpuf-toggle-switch {
+  position: relative;
+  display: inline-block;
+  width: 50px;
+  height: 26px;
+}
+.wpuf-toggle-switch input {
+  display: none;
+}
+.wpuf-toggle-switch input:checked + .slider {
+  background-color: #0073aa;
+}
+.wpuf-toggle-switch input:focus + .slider {
+  box-shadow: 0 0 1px #2196F3;
+}
+.wpuf-toggle-switch input:checked + .slider:before {
+  transform: translateX(26px);
+}
+.wpuf-toggle-switch .slider {
+  position: absolute;
+  cursor: pointer;
+  top: 0;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  background-color: #ccc;
+  transition: .2s;
+}
+.wpuf-toggle-switch .slider.round {
+  border-radius: 34px;
+}
+.wpuf-toggle-switch .slider.round:before {
+  border-radius: 50%;
+}
+.wpuf-toggle-switch .slider::before {
+  position: absolute;
+  content: "";
+  height: 18px;
+  width: 18px;
+  left: 3px;
+  bottom: 4px;
+  background-color: white;
+  transition: .2s;
+}
 @media only screen and (max-width: 1399px) {
   a.wpuf-button.button-upgrade-to-pro {
     padding: 10px;
diff --git a/assets/css/admin/wpuf-module.css b/assets/css/admin/wpuf-module.css
index 95c0f032f..3485758af 100644
--- a/assets/css/admin/wpuf-module.css
+++ b/assets/css/admin/wpuf-module.css
@@ -35,65 +35,6 @@
     line-height: 1.6em;
 }
 
-.wpuf-toggle-switch {
-    position: relative;
-    display: inline-block;
-    width: 50px;
-    height: 26px;
-}
-
-.wpuf-toggle-switch input {
-    display: none;
-}
-
-.wpuf-toggle-switch .slider {
-    position: absolute;
-    cursor: pointer;
-    top: 0;
-    left: 0;
-    right: 0;
-    bottom: 0;
-    background-color: #ccc;
-    -webkit-transition: .4s;
-    transition: .4s;
-}
-
-.wpuf-toggle-switch .slider:before {
-    position: absolute;
-    content: "";
-    height: 18px;
-    width: 18px;
-    left: 3px;
-    bottom: 4px;
-    background-color: white;
-    -webkit-transition: .4s;
-    transition: .4s;
-}
-
-.wpuf-toggle-switch input:checked + .slider {
-    background-color: #0073aa;
-}
-
-.wpuf-toggle-switch input:focus + .slider {
-    -webkit-box-shadow: 0 0 1px #2196F3;
-    box-shadow: 0 0 1px #2196F3;
-}
-
-.wpuf-toggle-switch input:checked + .slider:before {
-    -webkit-transform: translateX(26px);
-    -ms-transform: translateX(26px);
-    transform: translateX(26px);
-}
-
-/* Rounded sliders */
-.slider.round {
-    border-radius: 34px;
-}
-
-.slider.round:before {
-    border-radius: 50%;
-}
-
 .wpuf-modules .plugin-card {
     border: 1px solid #e5e5e5;
     -webkit-box-shadow: 0 1px 1px rgba(0, 0, 0, 0.04);
diff --git a/assets/css/frontend-forms.css b/assets/css/frontend-forms.css
index 0ff853676..39fb30fe9 100644
--- a/assets/css/frontend-forms.css
+++ b/assets/css/frontend-forms.css
@@ -84,7 +84,7 @@ body .wpuf-error {
   background-color: #f2dede;
   color: #a94442;
   border: 1px solid #ebccd1;
-  margin: 10px 10px 20px;
+  margin: 10px 0 20px 0;
   padding: 10px;
   -webkit-border-radius: 3px;
   -moz-border-radius: 3px;
diff --git a/assets/images/cloudflare-placeholder-dark-compact.png b/assets/images/cloudflare-placeholder-dark-compact.png
new file mode 100644
index 000000000..ed8eae746
Binary files /dev/null and b/assets/images/cloudflare-placeholder-dark-compact.png differ
diff --git a/assets/images/cloudflare-placeholder-dark.png b/assets/images/cloudflare-placeholder-dark.png
new file mode 100644
index 000000000..417250f0e
Binary files /dev/null and b/assets/images/cloudflare-placeholder-dark.png differ
diff --git a/assets/images/cloudflare-placeholder-light-compact.png b/assets/images/cloudflare-placeholder-light-compact.png
new file mode 100644
index 000000000..be7012d1c
Binary files /dev/null and b/assets/images/cloudflare-placeholder-light-compact.png differ
diff --git a/assets/images/cloudflare-placeholder-light.png b/assets/images/cloudflare-placeholder-light.png
new file mode 100644
index 000000000..b63cd087c
Binary files /dev/null and b/assets/images/cloudflare-placeholder-light.png differ
diff --git a/assets/js-templates/form-components.php b/assets/js-templates/form-components.php
index ca68db439..93414ac83 100644
--- a/assets/js-templates/form-components.php
+++ b/assets/js-templates/form-components.php
@@ -438,6 +438,21 @@ class="option-chooser-radio"
 </div>
 </script>
 
+<script type="text/x-template" id="tmpl-wpuf-form-cloudflare_turnstile">
+<div class="wpuf-fields">
+    <template v-if="!has_turnstile_api_keys">
+        <p v-html="no_api_keys_msg"></p>
+    </template>
+
+    <template v-else>
+        <img
+            class="wpuf-turnstile-placeholder"
+            :src="turnstile_image"
+            alt="">
+    </template>
+</div>
+</script>
+
 <script type="text/x-template" id="tmpl-wpuf-form-column_field">
 <div v-bind:class="['wpuf-field-columns', 'has-columns-'+field.columns]">
     <div class="wpuf-column-field-inner-columns">
diff --git a/assets/js/wpuf-form-builder-components.js b/assets/js/wpuf-form-builder-components.js
index 6d0eb5d92..a23c61525 100644
--- a/assets/js/wpuf-form-builder-components.js
+++ b/assets/js/wpuf-form-builder-components.js
@@ -765,6 +765,43 @@ Vue.component('form-checkbox_field', {
     ]
 });
 
+/**
+ * Field template: Cloudflare Turnstile
+ */
+Vue.component('form-cloudflare_turnstile', {
+    template: '#tmpl-wpuf-form-cloudflare_turnstile',
+
+    mixins: [
+        wpuf_mixins.form_field_mixin
+    ],
+
+    computed: {
+        has_turnstile_api_keys: function () {
+            return wpuf_form_builder.turnstile_site && wpuf_form_builder.turnstile_secret;
+        },
+
+        no_api_keys_msg: function () {
+            return wpuf_form_builder.field_settings.turnstile.validator.msg;
+        },
+
+        turnstile_image: function () {
+            var base_url = wpuf_form_builder.asset_url + '/images/cloudflare-placeholder-';
+
+            if (this.field.turnstile_theme === 'dark') {
+                base_url += 'dark';
+            } else {
+                base_url += 'light';
+            }
+
+            if (this.field.turnstile_size === 'compact') {
+                base_url += '-compact';
+            }
+
+            return base_url + '.png';
+        }
+    }
+});
+
 /**
  * Field template: Column Field
  */
diff --git a/assets/js/wpuf-form-builder-mixins.js b/assets/js/wpuf-form-builder-mixins.js
index ef8d9bbee..7380deac1 100644
--- a/assets/js/wpuf-form-builder-mixins.js
+++ b/assets/js/wpuf-form-builder-mixins.js
@@ -151,6 +151,10 @@ Vue.mixin({
             return (wpuf_form_builder.recaptcha_site && wpuf_form_builder.recaptcha_secret) ? true : false;
         },
 
+        has_turnstile_api_keys: function () {
+            return wpuf_form_builder.turnstile_site && wpuf_form_builder.turnstile_secret;
+        },
+
         containsField: function(field_name) {
             var self = this,
                 i = 0;
diff --git a/assets/less/admin.less b/assets/less/admin.less
index f275ba4d8..1c15ae848 100644
--- a/assets/less/admin.less
+++ b/assets/less/admin.less
@@ -1169,6 +1169,59 @@ span.pro-icon:hover .wpuf-pro-field-tooltip {
     }
 }
 
+.wpuf-toggle-switch {
+    position: relative;
+    display: inline-block;
+    width: 50px;
+    height: 26px;
+
+    input {
+        display: none;
+
+        &:checked + .slider {
+            background-color: #0073aa;
+        }
+
+        &:focus + .slider {
+            box-shadow: 0 0 1px #2196F3;
+        }
+
+        &:checked + .slider:before {
+            transform: translateX(26px);
+        }
+    }
+
+    .slider {
+        position: absolute;
+        cursor: pointer;
+        top: 0;
+        left: 0;
+        right: 0;
+        bottom: 0;
+        background-color: #ccc;
+        transition: .2s;
+
+        &.round {
+            border-radius: 34px;
+        }
+
+        &.round:before {
+            border-radius: 50%;
+        }
+
+        &::before {
+            position: absolute;
+            content: "";
+            height: 18px;
+            width: 18px;
+            left: 3px;
+            bottom: 4px;
+            background-color: white;
+            transition: .2s;
+        }
+    }
+}
+
 @media only screen and (max-width: 1399px) {
     a.wpuf-button.button-upgrade-to-pro {
         padding: 10px;
diff --git a/assets/less/frontend-forms.less b/assets/less/frontend-forms.less
index 6954c3b8a..902907249 100644
--- a/assets/less/frontend-forms.less
+++ b/assets/less/frontend-forms.less
@@ -116,7 +116,7 @@ body {
     background-color: #f2dede;
     color: #a94442;
     border: 1px solid #ebccd1;
-    margin: 10px 10px 20px;
+    margin: 10px 0 20px 0;
     padding: 10px;
     .border-radius(3px);
     font-size: 13px;
diff --git a/includes/Admin/Forms/Admin_Form_Builder.php b/includes/Admin/Forms/Admin_Form_Builder.php
index bbcf8d951..3b051b337 100644
--- a/includes/Admin/Forms/Admin_Form_Builder.php
+++ b/includes/Admin/Forms/Admin_Form_Builder.php
@@ -124,6 +124,7 @@ public function admin_enqueue_scripts() {
             'password',
             'user_avatar',
             'taxonomy',
+            'cloudflare_turnstile',
         ];
         $taxonomy_terms = array_keys( get_taxonomies() );
         $single_objects = array_merge( $single_objects, $taxonomy_terms );
@@ -159,8 +160,11 @@ public function admin_enqueue_scripts() {
                 'notifications'    => wpuf_get_form_notifications( $post->ID ),
                 'pro_link'         => Pro_Prompt::get_pro_url(),
                 'site_url'         => site_url( '/' ),
+                'asset_url'        => WPUF_ASSET_URI,
                 'recaptcha_site'   => wpuf_get_option( 'recaptcha_public', 'wpuf_general' ),
                 'recaptcha_secret' => wpuf_get_option( 'recaptcha_private', 'wpuf_general' ),
+                'turnstile_site'   => wpuf_get_option( 'turnstile_site_key', 'wpuf_general' ),
+                'turnstile_secret' => wpuf_get_option( 'turnstile_secret_key', 'wpuf_general' ),
                 'nonce'            => wp_create_nonce( 'form-builder-setting-nonce' ),
             ]
         );
diff --git a/includes/Admin/Forms/Field_Manager.php b/includes/Admin/Forms/Field_Manager.php
index b3ca8f9a7..db3f2e771 100755
--- a/includes/Admin/Forms/Field_Manager.php
+++ b/includes/Admin/Forms/Field_Manager.php
@@ -5,6 +5,7 @@
 use WeDevs\Wpuf\Admin\Subscription;
 use WeDevs\Wpuf\Fields\Field_Contract;
 use WeDevs\Wpuf\Fields\Form_Field_Checkbox;
+use WeDevs\Wpuf\Fields\Form_Field_Cloudflare_Turnstile;
 use WeDevs\Wpuf\Fields\Form_Field_Column;
 use WeDevs\Wpuf\Fields\Form_Field_Dropdown;
 use WeDevs\Wpuf\Fields\Form_Field_Email;
@@ -83,25 +84,26 @@ public function get_field( $field_type ) {
      */
     private function register_field_types() {
         $fields = [
-            'post_title'          => new Form_Field_Post_Title(),
-            'post_content'        => new Form_Field_Post_Content(),
-            'post_tags'           => new Form_Field_Post_Tags(),
-            'taxonomy'            => new Form_Field_Post_Taxonomy( 'category', 'category' ),
-            'text_field'          => new Form_Field_Text(),
-            'email_address'       => new Form_Field_Email(),
-            'textarea_field'      => new Form_Field_Textarea(),
-            'radio_field'         => new Form_Field_Radio(),
-            'checkbox_field'      => new Form_Field_Checkbox(),
-            'dropdown_field'      => new Form_Field_Dropdown(),
-            'multiple_select'     => new Form_Field_MultiDropdown(),
-            'website_url'         => new Form_Field_URL(),
-            'column_field'        => new Form_Field_Column(),
-            'section_break'       => new Form_Field_SectionBreak(),
-            'custom_html'         => new Form_Field_HTML(),
-            'custom_hidden_field' => new Form_Field_Hidden(),
-            'image_upload'        => new Form_Field_Image(),
-            'recaptcha'           => new Form_Field_reCaptcha(),
-            'featured_image'      => new Form_Field_Featured_Image(),
+            'post_title'           => new Form_Field_Post_Title(),
+            'post_content'         => new Form_Field_Post_Content(),
+            'post_tags'            => new Form_Field_Post_Tags(),
+            'taxonomy'             => new Form_Field_Post_Taxonomy( 'category', 'category' ),
+            'text_field'           => new Form_Field_Text(),
+            'email_address'        => new Form_Field_Email(),
+            'textarea_field'       => new Form_Field_Textarea(),
+            'radio_field'          => new Form_Field_Radio(),
+            'checkbox_field'       => new Form_Field_Checkbox(),
+            'dropdown_field'       => new Form_Field_Dropdown(),
+            'multiple_select'      => new Form_Field_MultiDropdown(),
+            'website_url'          => new Form_Field_URL(),
+            'column_field'         => new Form_Field_Column(),
+            'section_break'        => new Form_Field_SectionBreak(),
+            'custom_html'          => new Form_Field_HTML(),
+            'custom_hidden_field'  => new Form_Field_Hidden(),
+            'image_upload'         => new Form_Field_Image(),
+            'recaptcha'            => new Form_Field_reCaptcha(),
+            'cloudflare_turnstile' => new Form_Field_Cloudflare_Turnstile(),
+            'featured_image'       => new Form_Field_Featured_Image(),
         ];
         $this->fields = apply_filters( 'wpuf_form_fields', $fields );
     }
@@ -170,6 +172,7 @@ private function get_others_fields() {
                 'section_break',
                 'custom_html',
                 'recaptcha',
+                'cloudflare_turnstile',
             ]
         );
 
diff --git a/includes/Admin/Plugin_Upgrade_Notice.php b/includes/Admin/Plugin_Upgrade_Notice.php
index 05341db78..40b023fe3 100644
--- a/includes/Admin/Plugin_Upgrade_Notice.php
+++ b/includes/Admin/Plugin_Upgrade_Notice.php
@@ -84,7 +84,7 @@ protected function check_for_notice() {
 
         $min_version = ! empty( $notice['min-version'] ) ? $notice['min-version'] : '';
 
-        if ( version_compare( WPUF_VERSION, $min_version,  '>=' ) ) {
+        if ( version_compare( WPUF_VERSION, $min_version, '>=' ) ) {
             return;
         }
 
diff --git a/includes/Assets.php b/includes/Assets.php
index a34eb9e30..c74370b7a 100644
--- a/includes/Assets.php
+++ b/includes/Assets.php
@@ -318,7 +318,7 @@ public function get_scripts() {
                 'version'   => '1.6.0',
                 'in_footer' => true,
             ],
-            'admin-shortcode'                => [
+            'admin-shortcode'          => [
                 'src'  => WPUF_ASSET_URI . '/js/admin-shortcode.js',
                 'deps' => [ 'jquery' ],
             ],
@@ -374,6 +374,9 @@ public function get_scripts() {
             'headway'                  => [
                 'src'  => '//cdn.headwayapp.co/widget.js',
             ],
+            'turnstile'                  => [
+                'src'  => 'https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback',
+            ],
         ];
 
         if ( ! empty( $api_key ) ) {
diff --git a/includes/Fields/Form_Field_Cloudflare_Turnstile.php b/includes/Fields/Form_Field_Cloudflare_Turnstile.php
new file mode 100755
index 000000000..e9cb326e9
--- /dev/null
+++ b/includes/Fields/Form_Field_Cloudflare_Turnstile.php
@@ -0,0 +1,168 @@
+<?php
+
+namespace WeDevs\Wpuf\Fields;
+
+/**
+ * Turnstile Field Class
+ */
+class Form_Field_Cloudflare_Turnstile extends Field_Contract {
+    public function __construct() {
+        $this->name       = __( 'Cloudflare Turnstile', 'wp-user-frontend' );
+        $this->input_type = 'cloudflare_turnstile';
+        $this->icon       = 'cloud';
+
+        wp_enqueue_script( 'wpuf-turnstile' );
+    }
+
+    /**
+     * Render the field in frontend
+     *
+     * @since WPUF_SINCE
+     *
+     * @param array $field_settings
+     * @param int   $form_id
+     *
+     * @return void
+     */
+    public function render( $field_settings, $form_id, $type = 'post', $post_id = null ) {
+        $turnstile = wpuf_get_option( 'login_form_turnstile', 'wpuf_profile', 'off' );
+        $site_key  = wpuf_get_option( 'turnstile_site_key', 'wpuf_general', '' );
+        $theme     = ! empty( $field_settings['turnstile_theme'] ) ? $field_settings['turnstile_theme'] : 'light';
+        $size      = ! empty( $field_settings['turnstile_size'] ) ? $field_settings['turnstile_size'] : 'normal';
+        $action    = ! empty( $field_settings['turnstile_type'] ) ? $field_settings['turnstile_type'] : 'non-interactive';
+
+        if ( 'off' === $turnstile || empty( $site_key ) ) {
+            return;
+        }
+
+        $action = 'non_interactive' === $action ? 'non-interactive' : $action;
+        ?>
+
+        <div
+            <?php if ( 'invisible' === $action ) { ?>
+                style="display: none;"
+            <?php } ?>
+            id="wpuf-turnstile"
+            class="wpuf-turnstile"></div>
+
+        <script>
+            window.onloadTurnstileCallback = function () {
+                turnstile.render("#wpuf-turnstile", {
+                    sitekey: "<?php echo esc_js( $site_key ); ?>",
+                    theme:"<?php echo esc_js( $theme ); ?>",
+                    size:"<?php echo esc_js( $size ); ?>"
+                });
+            };
+        </script>
+
+        <?php
+    }
+
+    /**
+     * Custom validator
+     *
+     * @since WPUF_SINCE
+     *
+     * @return array
+     */
+    public function get_validator() {
+        return [
+            'callback'      => 'has_turnstile_api_keys',
+            'button_class'  => 'button-faded',
+            'msg_title'     => __( 'Site key and Secret key', 'wp-user-frontend' ),
+            'msg'           => sprintf(
+                // translators: %s: settings url
+                __( 'You need to set Site key and Secret key in <a href="%1$s" target="_blank">Settings</a> in order to use "Cloudflare Turnstile" field. <a href="%2$s" target="_blank">Click here to get the these key</a>.', 'wp-user-frontend' ),
+                admin_url( 'admin.php?page=wpuf-settings' ),
+                'https://developers.cloudflare.com/turnstile/'
+            ),
+        ];
+    }
+
+    /**
+     * Get field options setting
+     *
+     * @since WPUF_SINCE
+     *
+     * @return array
+     */
+    public function get_options_settings() {
+        $settings = [
+            [
+                'name'          => 'label',
+                'title'         => __( 'Title', 'wp-user-frontend' ),
+                'type'          => 'text',
+                'section'       => 'basic',
+                'priority'      => 10,
+                'help_text'     => __( 'Title of the section', 'wp-user-frontend' ),
+            ],
+            [
+                'name'          => 'turnstile_theme',
+                'title'         => 'Turnstile Theme',
+                'type'          => 'radio',
+                'options'       => [
+                    'light' => __( 'Light', 'wp-user-frontend' ),
+                    'dark'  => __( 'Dark', 'wp-user-frontend' ),
+                ],
+                'default'       => 'light',
+                'section'       => 'basic',
+                'priority'      => 12,
+                'help_text'     => __( 'Select turnstile theme', 'wp-user-frontend' ),
+            ],
+            [
+                'name'          => 'turnstile_size',
+                'title'         => 'Turnstile Size',
+                'type'          => 'radio',
+                'options'       => [
+                    'normal'   => __( 'Normal [Width: 300px, Height: 65px]', 'wp-user-frontend' ),
+                    'flexible' => __( 'Flexible [Width: 100% (min: 300px), Height: 65px]', 'wp-user-frontend' ),
+                    'compact'  => __( 'Compact [Width: 150px, Height: 140px]', 'wp-user-frontend' ),
+                ],
+                'default'       => 'normal',
+                'section'       => 'basic',
+                'priority'      => 13,
+                'help_text'     => __( 'Select turnstile size', 'wp-user-frontend' ),
+            ],
+            [
+                'name'      => 'turnstile_type',
+                'title'     => 'Turnstile type',
+                'type'      => 'radio',
+                'options'   => [
+                    'managed'         => __( 'Managed (recommended)', 'wp-user-frontend' ),
+                    'non_interactive' => __( 'Non-Interactive', 'wp-user-frontend' ),
+                    'invisible'       => __( 'Invisible', 'wp-user-frontend' ),
+                ],
+                'default'   => 'managed',
+                'section'   => 'advanced',
+                'priority'  => 11,
+                'help_text' => __( 'Select turnstile type', 'wp-user-frontend' ),
+            ],
+        ];
+
+        return $settings;
+    }
+
+    /**
+     * Get the field props
+     *
+     * @since WPUF_SINCE
+     *
+     * @return array
+     */
+    public function get_field_props() {
+
+        $props = [
+            'input_type'      => 'turnstile',
+            'template'        => $this->get_type(),
+            'label'           => '',
+            'turnstile_type'  => 'managed',
+            'turnstile_theme' => 'light',
+            'turnstile_size'  => 'normal',
+            'is_meta'         => 'yes',
+            'id'              => 0,
+            'wpuf_cond'       => null,
+        ];
+
+        return $props;
+    }
+}
diff --git a/includes/Free/Simple_Login.php b/includes/Free/Simple_Login.php
index 200e7f638..2afac5da4 100644
--- a/includes/Free/Simple_Login.php
+++ b/includes/Free/Simple_Login.php
@@ -19,6 +19,13 @@ class Simple_Login {
 
     private $messages = [];
 
+    /**
+     * Cloudflare Turnstile messages
+     *
+     * @var array
+     */
+    private $cf_messages = [];
+
     private static $_instance;
 
     public function __construct() {
@@ -339,7 +346,7 @@ public function login_form() {
         $reset = isset( $getdata['reset'] ) ? sanitize_text_field( $getdata['reset'] ) : '';
 
         if ( false === $login_page ) {
-            return;
+            return '';
         }
 
         ob_start();
@@ -394,6 +401,11 @@ public function login_form() {
 
                 default:
                     $loggedout = isset( $getdata['loggedout'] ) ? sanitize_text_field( $getdata['loggedout'] ) : '';
+                    $enable_turnstile = wpuf_get_option( 'enable_turnstile', 'wpuf_general', 'off' );
+
+                    if ( 'on' === $enable_turnstile ) {
+                        wp_enqueue_script( 'wpuf-turnstile' );
+                    }
 
                     if ( $loggedout === 'true' ) {
                         $this->messages[] = __( 'You are now logged out.', 'wp-user-frontend' );
@@ -410,6 +422,52 @@ public function login_form() {
         return ob_get_clean();
     }
 
+    /**
+     * Verify if cloudflare turnstile request is successful
+     *
+     * @since WPUF_SINCE
+     *
+     * @return bool
+     */
+    private function verify_cloudflare_turnstile_on_login() {
+        $nonce = isset( $_POST['wpuf-login-nonce'] ) ? sanitize_key( wp_unslash( $_POST['wpuf-login-nonce'] ) ) : '';
+
+        if ( isset( $nonce ) && ! wp_verify_nonce( $nonce, 'wpuf_login_action' ) ) {
+            return false;
+        }
+
+        $secret = wpuf_get_option( 'turnstile_secret_key', 'wpuf_general', '' );
+
+        if ( empty( $secret ) ) {
+            return false;
+        }
+
+        $remote_addr = ! empty( $_SERVER['REMOTE_ADDR'] ) ? sanitize_url(
+            wp_unslash( $_SERVER['REMOTE_ADDR'] )
+        ) : '';
+
+        $cf_url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
+        $token  = ! empty( $_POST['cf-turnstile-response'] ) ? sanitize_text_field( wp_unslash( $_POST['cf-turnstile-response'] ) ) : '';
+
+        // Request data
+        $data = [
+            'secret'   => $secret,
+            'response' => $token,
+            'remoteip' => $remote_addr,
+        ];
+
+        $response = wp_remote_post( $cf_url, [ 'body' => $data ] );
+        $body     = json_decode( wp_remote_retrieve_body( $response ), true );
+
+        if ( ! empty( $body['success'] ) ) {
+            return true;
+        } else {
+            $this->cf_messages[] = ! empty( $body['error-codes'] ) ? $body['error-codes'] : '';
+
+            return false;
+        }
+    }
+
     /**
      * Remove selected cookie to have consistency with the login nonce.
      * fixes WooCommerce Stripe Gateway plugin conflict
@@ -447,10 +505,24 @@ public function process_login() {
             return;
         }
 
-        $log = isset( $_POST['log'] ) ? esc_attr( wp_unslash( $_POST['log'] ) ) : '';
-        $pwd = isset( $_POST['pwd'] ) ? trim( $_POST['pwd'] ) : '';
+        $log = isset( $_POST['log'] ) ? sanitize_text_field( wp_unslash( $_POST['log'] ) ) : '';
+        $pwd = isset( $_POST['pwd'] ) ? sanitize_text_field( ( wp_unslash( $_POST['pwd'] ) ) ) : '';
         // $g_recaptcha_response = isset( $_POST['g-recaptcha-response'] ) ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) ) : '';
 
+        if ( ! $this->verify_cloudflare_turnstile_on_login() ) {
+            $errors = ! empty( $this->cf_messages[0] ) ? $this->cf_messages[0] : '';
+            $errors = implode( ', ', $errors );
+            $this->login_errors[] =
+            sprintf(
+                // translators: %1$s and %2$s are strong tags, %3$s is the error message
+                __( '%1$sError%2$s: Cloudflare Turnstile verification failed. Reasons: [%3$s]', 'wp-user-frontend' ),
+                '<strong>',
+                '</strong>',
+                $errors
+            );
+                '<strong>' . __( 'Error', 'wp-user-frontend' ) . ':</strong> ' . __( 'Cloudflare Turnstile verification failed. Reasons: [', 'wp-user-frontend' );
+        }
+
         $validation_error = new WP_Error();
         $validation_error = apply_filters( 'wpuf_process_login_errors', $validation_error, $log, $pwd );
 
diff --git a/includes/functions/settings-options.php b/includes/functions/settings-options.php
index 16d75bb82..315862b35 100644
--- a/includes/functions/settings-options.php
+++ b/includes/functions/settings-options.php
@@ -159,6 +159,29 @@ function wpuf_settings_fields() {
                 'desc'  => __( '<a target="_blank" href="https://www.google.com/recaptcha/">Register here</a> to get reCaptcha Site and Secret keys.',
                                'wp-user-frontend' ),
             ],
+            [
+                'name'    => 'enable_turnstile',
+                'label'   => __( 'Enable Turnstile', 'wp-user-frontend' ),
+                'type'    => 'toggle',
+                'default' => 'off',
+            ],
+            [
+                'name'       => 'turnstile_site_key',
+                'label'      => __( 'Turnstile Site Key', 'wp-user-frontend' ),
+                'depends_on' => 'enable_turnstile',
+            ],
+            [
+                'name'       => 'turnstile_secret_key',
+                'label'      => __( 'Turnstile Secret Key', 'wp-user-frontend' ),
+                'depends_on' => 'enable_turnstile',
+                'desc'       => sprintf(
+                    // translators: %s is a link
+                    __(
+                        '<a target="_blank" href="%1$s">Register here</a> to get Turnstile Site and Secret keys.',
+                        'wp-user-frontend'
+                    ), esc_url( 'https://developers.cloudflare.com/turnstile/' )
+                ),
+            ],
             [
                 'name'  => 'custom_css',
                 'label' => __( 'Custom CSS codes', 'wp-user-frontend' ),
@@ -431,6 +454,17 @@ function wpuf_settings_fields() {
                 'type'    => 'checkbox',
                 'default' => 'off',
             ],
+            [
+                'name'       => 'login_form_turnstile',
+                'label'      => __( 'Turnstile in Login Form', 'wp-user-frontend' ),
+                'desc'       => __(
+                    'If enabled, users have to verify Cloudflare Turnstile in login page. Also, make sure that Turnstile is configured properly from <b>General Options</b>',
+                    'wp-user-frontend'
+                ),
+                'type'       => 'toggle',
+                'default'    => 'off',
+                'depends_on' => 'enable_turnstile',
+            ],
         ] ),
         'wpuf_payment'          => apply_filters( 'wpuf_options_payment', [
             [
diff --git a/templates/login-form.php b/templates/login-form.php
index c23aaacb1..2b12921ea 100644
--- a/templates/login-form.php
+++ b/templates/login-form.php
@@ -30,8 +30,13 @@
             <input type="password" name="pwd" id="wpuf-user_pass" class="input" value="" size="20" />
         </p>
 
-        <?php $recaptcha = wpuf_get_option( 'login_form_recaptcha', 'wpuf_profile', 'off' ); ?>
-        <?php if ( $recaptcha == 'on' ) { ?>
+        <?php
+            $recaptcha = wpuf_get_option( 'login_form_recaptcha', 'wpuf_profile', 'off' );
+            $turnstile = wpuf_get_option( 'login_form_turnstile', 'wpuf_profile', 'off' );
+
+            $turnstile_site_key = wpuf_get_option( 'turnstile_site_key', 'wpuf_general', '' );
+        ?>
+        <?php if ( $recaptcha === 'on' ) { ?>
             <p>
                 <div class="wpuf-fields">
                     <?php echo wp_kses( recaptcha_get_html( wpuf_get_option( 'recaptcha_public', 'wpuf_general' ), true, null, is_ssl() ),[
@@ -68,6 +73,22 @@
             </p>
         <?php } ?>
 
+        <?php if ( $turnstile === 'on' ) { ?>
+            <div
+                id="wpuf-turnstile"
+                class="wpuf-turnstile"
+                data-sitekey="<?php echo esc_attr( $turnstile_site_key ); ?>"
+                data-callback="javascriptCallback"
+            ></div>
+            <script>
+                window.onloadTurnstileCallback = function () {
+                    turnstile.render("#wpuf-turnstile", {
+                        sitekey: "<?php echo esc_js( $turnstile_site_key ); ?>",
+                    });
+                };
+            </script>
+        <?php } ?>
+
         <p class="forgetmenot">
             <input name="rememberme" type="checkbox" id="wpuf-rememberme" value="forever" />
             <label for="wpuf-rememberme"><?php esc_html_e( 'Remember Me', 'wp-user-frontend' ); ?></label>