Turnstile keys

I added the Turnstile html code. What is the use of knowing both keys?

There are two very different keys with Turnstile, a site key, and a secret key.

The site key is totally public, and used to render the widget client-side. Once someone then completes the widget, you can validate that server-side using your private secret key. All of these steps are important to ensuring the challenge is passed.

I would recommend you follow the docs for how to implement it:

3 Likes

Once someone then completes the widget, you can validate that server-side using your private secret key.

I don’t understand, I’m here because I can’t follow the guide.

If I understand correctly, I have no protection because I have no active users?

But then I risk being bombarded by bots?

I’m not sure what you mean by this.

When someone completes a challenge on your website after you’ve implemented Turnstile, you can validate that challenge server-side. This process doesn’t change if you have one user or hundreds of thousands of users - it’s the exact same process.

If you’re referring to Turnstile knowing who is a bot vs a good user, then you don’t need to worry. Just because you have low traffic won’t make your site more open to bots. You can read more about the technology and implementation in the announcement post and docs:

2 Likes

I say I have 0 users and no one will complete the first Cloudflare message.

I’m confused on how to progress.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.