Reset Password · PC & Mac Help and Assistance

Welcome Guest! To enable all features please Login or Register

Posted by: Lemonde - 29 November 2025 09:01:11
I can't see the tickbox but it still blocks the login with a 'please confirm you are human' type message.

Posted by: sirclesadmin - 29 November 2025 09:02:16
Yes, you can, but it is not a built-in feature of the Directorist plugin (which only natively supports Google reCAPTCHA). To use Cloudflare Turnstile with Directorist, you will need to use a third-party plugin or add a small amount of custom code. Here are the two best ways to achieve this, starting with the easiest method. Method 1: Use a "Turnstile" Plugin (Easiest) Since Directorist creates standard WordPress users when people sign up or log in, a generic WordPress Turnstile plugin often works out of the box if Directorist submits the data through the standard WordPress login process. Install the Plugin: Go to Plugins > Add New in your WordPress dashboard. Search for and install "Simple Cloudflare Turnstile" (by Elliot Sowersby). Configure: Go to Settings > Cloudflare Turnstile. Enter your Site Key and Secret Key (get these from your Cloudflare dashboard). Under "Enable Turnstile on forms," ensure "WordPress Login" and "WordPress Registration" are checked. Test: Open your Directorist login page in an Incognito/Private window. If you see the Turnstile widget: You are done. If you do NOT see the widget: The Directorist login form uses a custom template that overrides standard hooks. You must use Method 2 below. Method 2: Template Override (Guaranteed Fix) If Method 1 didn't display the widget on your specific Directorist login form, you need to manually place the Turnstile widget into the Directorist login template. Step 1: Override the Login Template You should never edit plugin files directly. Instead, copy the template to your theme. Connect to your site via FTP or use a File Manager. Navigate to: `wp-content/plugins/directorist/templates/auth/` Locate the file `login.php` (or `login-form.php`). Copy this file to your theme folder: `wp-content/themes/your-child-theme/directorist/auth/login.php` (Note: You may need to create the `directorist` and `auth` folders in your theme if they don't exist.) Step 2: Add the Turnstile Code Edit the newly copied file in your theme folder. Find the line where the "Login" button is located (usually near the bottom of the `<form>` tag). Paste the following Cloudflare embed code just before the submit button: `<div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY_HERE"></div>` (Replace `YOUR_SITE_KEY_HERE` with your actual public Site Key from Cloudflare). Important: Ensure you have added the Cloudflare script to your site's header. If you haven't done this globally yet, add this line to your theme's `header.php` or use a "Header & Footer Scripts" plugin: `<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>` Step 3: Server-Side Validation Finally, you must tell WordPress to block the login if the Turnstile check fails. Add this code to your child theme's `functions.php` file: function directorist_verify_turnstile_login( $user, $username, $password ) { // 1. Check if the turnstile response field is present if ( isset( $_POST['cf-turnstile-response'] ) ) { $check = $_POST['cf-turnstile-response']; // 2. Verify with Cloudflare $verify_url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify'; $data = array( 'secret' => 'YOUR_SECRET_KEY_HERE', // Put your SECRET key here 'response' => $check, 'remoteip' => $_SERVER['REMOTE_ADDR'] ); $options = array( 'http' => array( 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query( $data ) ) ); $context = stream_context_create( $options ); $response = file_get_contents( $verify_url, false, $context ); $result = json_decode( $response ); // 3. If invalid, block login if ( ! $result->success ) { return new WP_Error( 'turnstile_error', __( 'Cloudflare Turnstile verification failed. Please try again.', 'directorist' ) ); } } return $user; } add_filter( 'authenticate', 'directorist_verify_turnstile_login', 30, 3 ); Would you like me to clarify where to find the specific template file in your directory structure? Simple CAPTCHA Alternative with Cloudflare Turnstile This video is relevant because it demonstrates the "Method 1" approach using the "Simple Cloudflare Turnstile" plugin, which is the first and easiest solution you should attempt before modifying code.

Posted by: sirclesadmin - 29 November 2025 09:02:16

Yes, you can, but it is not a built-in feature of the Directorist plugin (which only natively supports Google reCAPTCHA).

To use Cloudflare Turnstile with Directorist, you will need to use a third-party plugin or add a small amount of custom code.

Here are the two best ways to achieve this, starting with the easiest method.

Method 1: Use a "Turnstile" Plugin (Easiest)

Since Directorist creates standard WordPress users when people sign up or log in, a generic WordPress Turnstile plugin often works out of the box if Directorist submits the data through the standard WordPress login process.

Install the Plugin:
- Go to Plugins > Add New in your WordPress dashboard.
- Search for and install "Simple Cloudflare Turnstile" (by Elliot Sowersby).
Configure:
- Go to Settings > Cloudflare Turnstile.
- Enter your Site Key and Secret Key (get these from your Cloudflare dashboard).
- Under "Enable Turnstile on forms," ensure "WordPress Login" and "WordPress Registration" are checked.
Test:
- Open your Directorist login page in an Incognito/Private window.
- If you see the Turnstile widget: You are done.
- If you do NOT see the widget: The Directorist login form uses a custom template that overrides standard hooks. You must use Method 2 below.

Method 2: Template Override (Guaranteed Fix)

If Method 1 didn't display the widget on your specific Directorist login form, you need to manually place the Turnstile widget into the Directorist login template.

Step 1: Override the Login Template

You should never edit plugin files directly. Instead, copy the template to your theme.

Connect to your site via FTP or use a File Manager.
Navigate to: wp-content/plugins/directorist/templates/auth/
Locate the file login.php (or login-form.php).
Copy this file to your theme folder: wp-content/themes/your-child-theme/directorist/auth/login.php (Note: You may need to create the directorist and auth folders in your theme if they don't exist.)

Step 2: Add the Turnstile Code

Edit the newly copied file in your theme folder.
Find the line where the "Login" button is located (usually near the bottom of the <form> tag).
Paste the following Cloudflare embed code just before the submit button:
```
<div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY_HERE"></div>
```
(Replace YOUR_SITE_KEY_HERE with your actual public Site Key from Cloudflare).
Important: Ensure you have added the Cloudflare script to your site's header. If you haven't done this globally yet, add this line to your theme's header.php or use a "Header & Footer Scripts" plugin:
```
<script src="https://challenges.cloudflare.com/turnstile/v0/api.js" async defer></script>
```

Step 3: Server-Side Validation

Finally, you must tell WordPress to block the login if the Turnstile check fails. Add this code to your child theme's functions.php file:

function directorist_verify_turnstile_login( $user, $username, $password ) {
    // 1. Check if the turnstile response field is present
    if ( isset( $_POST['cf-turnstile-response'] ) ) {
        $check = $_POST['cf-turnstile-response'];
        
        // 2. Verify with Cloudflare
        $verify_url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
        $data = array(
            'secret'   => 'YOUR_SECRET_KEY_HERE', // Put your SECRET key here
            'response' => $check,
            'remoteip' => $_SERVER['REMOTE_ADDR']
        );

        $options = array(
            'http' => array(
                'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
                'method'  => 'POST',
                'content' => http_build_query( $data )
            )
        );

        $context  = stream_context_create( $options );
        $response = file_get_contents( $verify_url, false, $context );
        $result   = json_decode( $response );

        // 3. If invalid, block login
        if ( ! $result->success ) {
            return new WP_Error( 'turnstile_error', __( 'Cloudflare Turnstile verification failed. Please try again.', 'directorist' ) );
        }
    }
    
    return $user;
}
add_filter( 'authenticate', 'directorist_verify_turnstile_login', 30, 3 );

Would you like me to clarify where to find the specific template file in your directory structure?

Simple CAPTCHA Alternative with Cloudflare Turnstile This video is relevant because it demonstrates the "Method 1" approach using the "Simple Cloudflare Turnstile" plugin, which is the first and easiest solution you should attempt before modifying code.

Posted by: sirclesadmin - 29 November 2025 10:27:59
Here are the two "Master Files" you need. You can save these as text files on your computer. When you set up a new site, just find-and-replace `YOUR_SITE_KEY_HERE` and `YOUR_SECRET_KEY_HERE` with the new site's keys. ### 1\. The `functions.php` Snippet Where to put it: At the bottom of `wp-content/themes/YOUR-THEME/functions.php`. What it does: Loads the script everywhere, adds the widget to the standard WP Login screen, and validates Logins (both WP and Directorist). ```php /* * ----------------------------------------------------------- * MASTER TURNSTILE PROTECTION (Directorist + WP Login) * ----------------------------------------------------------- / // CONFIGURATION: Enter your keys here once define( 'MY_CF_SITE_KEY', 'YOUR_SITE_KEY_HERE' ); define( 'MY_CF_SECRET_KEY', 'YOUR_SECRET_KEY_HERE' ); // 1. Load Script (Frontend & Backend) function my_master_turnstile_script() { // Only load if not already loaded by a plugin if ( ! wp_script_is( 'cf-turnstile', 'enqueued' ) ) { wp_enqueue_script( 'cf-turnstile', 'https://challenges.cloudflare.com/turnstile/v0/api.js', array(), null, true ); } } add_action( 'wp_enqueue_scripts', 'my_master_turnstile_script' ); // For Directorist add_action( 'login_enqueue_scripts', 'my_master_turnstile_script' ); // For WP Login // 2. Add Widget to WP-Login (Standard Admin Page) function my_print_turnstile_on_login() { echo ' '; } add_action( 'login_form', 'my_print_turnstile_on_login' ); // 3. Universal Validation (Checks both Directorist & WP Login) function my_master_validate_turnstile( $user, $username, $password ) { // Check if the Turnstile field was submitted if ( isset( $_POST['cf-turnstile-response'] ) ) { $response = $_POST['cf-turnstile-response']; // Ask Cloudflare if the token is valid $verify_url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify'; $data = array( 'secret' => MY_CF_SECRET_KEY, 'response' => $response, 'remoteip' => $_SERVER['REMOTE_ADDR'] ); $options = array( 'http' => array( 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query( $data ) ) ); $context = stream_context_create( $options ); $verify_response = file_get_contents( $verify_url, false, $context ); $result = json_decode( $verify_response ); // If Cloudflare says "No", block the login if ( ! $result->success ) { return new WP_Error( 'turnstile_error', __( 'Error:* Security check failed. Please try again.', 'directorist' ) ); } } return $user; } add_filter( 'authenticate', 'my_master_validate_turnstile', 30, 3 ); ``` ----- ### 2\. The Template File (`login-registration-form.php`) Where to put it: `wp-content/themes/YOUR-THEME/directorist/account/login-registration-form.php` What it does: Adds the visual widget to Directorist Login, Registration, and Password Reset forms. Note: You only need to replace `YOUR_SITE_KEY_HERE` (appears 3 times) and `YOUR_SECRET_KEY_HERE` (appears 1 time at the top). ```php 'directorist_send_confirmation_email', 'user' => $user_email, 'directorist_nonce' => wp_create_nonce( 'directorist_nonce' ), ], admin_url( 'admin-ajax.php' ) ); echo wp_kses( sprintf( __( "Thank you for signing up! To complete the registration, please verify your email address by clicking on the link we have sent to your email. If you didn't find the verification email, please check your spam folder. If you still can't find it, click on the Resend confirmation email to have a new email sent to you.", 'directorist' ), esc_url( $send_confirm_mail_url ) ), [ 'a' => [ 'href' => [] ], 'br' => [] ] ); ?> If you still can't find it, please check your spam folder. And please contact if you are still having trouble.", 'directorist' ), [ 'br' => [] ] ); ?> user_login ); if ( is_wp_error( $is_valid_password_reset_key ) ) { ?> get_error_message(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?> [ 'secret' => 'YOUR_SECRET_KEY_HERE', // <--- PASTE SECRET KEY HERE 'response' => $cf_token, 'remoteip' => $_SERVER['REMOTE_ADDR'] ] ]); $cf_result = json_decode(wp_remote_retrieve_body($cf_verify)); if (!$cf_result->success) { echo ' Security check failed. Please try again. '; } else { // --- END CUSTOM CHECK --- // Ignore password sanitization $password_1 = isset( $_POST['password_1'] ) ? $_POST['password_1'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized $password_2 = isset( $_POST['password_2'] ) ? $_POST['password_2'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized if ( empty( $password_1 ) \|\| empty( $password_2 ) ) : ?> ID ); // Since password reset is handled through email, so we can consider it verified! delete_user_meta( $user->ID, 'directorist_user_email_unverified' ); ?> click here to login.', 'directorist' ), esc_url( ATBDP_Permalink::get_signin_signup_page_link() ) ), [ 'a' => [ 'href' => [] ] ] ); ?> ID, 'directorist_user_email_unverified' ); ATBDP()->email->custom_wp_new_user_notification_email( $user->ID ); ?> click here to login.', 'directorist' ), esc_url( ATBDP_Permalink::get_signin_signup_page_link() ) ), [ 'a' => [ 'href' => [] ] ] ); ?> " . $recpass_text . '' ); echo wp_kses_post( $output ); endif; ?> #recover-pass-modal { display: block; }'; $email = isset( $_POST['user_login'] ) ? sanitize_email( wp_unslash( $_POST['user_login'] ) ) : ''; if ( empty( $email ) ) { $error = __( 'Email address cannot be empty.', 'directorist' ); } else if ( ! is_email( $email ) ) { $error = __( 'Invalid e-mail address.', 'directorist' ); } else if ( ! email_exists( $email ) ) { $error = __( 'There is no user registered with that email address.', 'directorist' ); } else { $user = get_user_by( 'email', $email ); /* translators: %s: site name / $subject = esc_html( sprintf( __( '[%s] Reset Your Password', 'directorist' ), get_option( 'blogname', 'display' ) ) ); $title = esc_html__( 'Password Reset Request', 'directorist' ); $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); / translators: %1$s: site name, %1$s: user name, %3$s: password reset link / $message = sprintf( __( 'Someone has requested a password reset for the following account: Site name:* %1$s User name: %2$s To reset your password, please click on the Reset Password. If this was a mistake, just ignore this email and nothing will happen.' ), $site_name, $user->user_login, esc_url( directorist_password_reset_url( $user, true ) ) ); $message = wp_kses( $message, [ 'br' => [], 'strong' => [], 'a' => [ 'href' => [] ] ] ); $message = atbdp_email_html( $title, nl2br( $message ) ); $headers[] = 'Content-Type: text/html; charset=UTF-8'; $mail = wp_mail( $email, $subject, $message, $headers ); if ( $mail ) { $success = __( 'A password reset email has been sent to the email address on file for your account, but may take several minutes to show up in your inbox.', 'directorist' ); echo ''; } else { $error = __( 'Something went wrong, unable to send the password reset email. If the issue persists please contact with the site administrator.', 'directorist' ); } } if ( ! empty( $error ) ) { echo ' ' . wp_kses( sprintf( __( 'ERROR: %s', 'directorist' ), esc_html( $error ) ), [ 'strong' => [] ] ) . ' '; } if ( ! empty( $success ) ) { echo ' ' . esc_html( $success ) . ' '; } endif; ?> ' . __( 'Here', 'directorist' ) . '' ); echo wp_kses_post( $output ); ?> ' . __( 'Here', 'directorist' ) . '' ); echo wp_kses_post( $output ); ?> * * '; ?> ' : '' ); ?> > ' : '' ); ?> > ' : '' ); ?> > ' : '' ); ?> ><?php echo isset( $_REQUEST['bio'] ) ? esc_textarea( sanitize_text_field( wp_unslash( $_REQUEST['bio'] ) ) ) : ''; ?> > > > > * ``` ----- ### Deployment Checklist (For new sites) 1. Paste Files: Paste the two files above (adding your Keys). 2. Plugin Settings: In Simple Cloudflare Turnstile, disable "WordPress Login" (and "Registration"). Enable "Comments" and "Reset Password". 3. Directorist Settings: In Directorist \> Extensions, disable "Google reCAPTCHA". 4. Clear Cache: Clear browser and site cache.

Posted by: sirclesadmin - 29 November 2025 10:27:59

Here are the two "Master Files" you need. You can save these as text files on your computer. When you set up a new site, just find-and-replace `YOUR_SITE_KEY_HERE` and `YOUR_SECRET_KEY_HERE` with the new site's keys. ### 1\. The `functions.php` Snippet **Where to put it:** At the bottom of `wp-content/themes/YOUR-THEME/functions.php`. **What it does:** Loads the script everywhere, adds the widget to the standard WP Login screen, and validates Logins (both WP and Directorist). ```php /* * ----------------------------------------------------------- * MASTER TURNSTILE PROTECTION (Directorist + WP Login) * ----------------------------------------------------------- */ // CONFIGURATION: Enter your keys here once define( 'MY_CF_SITE_KEY', 'YOUR_SITE_KEY_HERE' ); define( 'MY_CF_SECRET_KEY', 'YOUR_SECRET_KEY_HERE' ); // 1. Load Script (Frontend & Backend) function my_master_turnstile_script() { // Only load if not already loaded by a plugin if ( ! wp_script_is( 'cf-turnstile', 'enqueued' ) ) { wp_enqueue_script( 'cf-turnstile', 'https://challenges.cloudflare.com/turnstile/v0/api.js', array(), null, true ); } } add_action( 'wp_enqueue_scripts', 'my_master_turnstile_script' ); // For Directorist add_action( 'login_enqueue_scripts', 'my_master_turnstile_script' ); // For WP Login // 2. Add Widget to WP-Login (Standard Admin Page) function my_print_turnstile_on_login() { echo '

'; } add_action( 'login_form', 'my_print_turnstile_on_login' ); // 3. Universal Validation (Checks both Directorist & WP Login) function my_master_validate_turnstile( $user, $username, $password ) { // Check if the Turnstile field was submitted if ( isset( $_POST['cf-turnstile-response'] ) ) { $response = $_POST['cf-turnstile-response']; // Ask Cloudflare if the token is valid $verify_url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify'; $data = array( 'secret' => MY_CF_SECRET_KEY, 'response' => $response, 'remoteip' => $_SERVER['REMOTE_ADDR'] ); $options = array( 'http' => array( 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query( $data ) ) ); $context = stream_context_create( $options ); $verify_response = file_get_contents( $verify_url, false, $context ); $result = json_decode( $verify_response ); // If Cloudflare says "No", block the login if ( ! $result->success ) { return new WP_Error( 'turnstile_error', __( 'Error: Security check failed. Please try again.', 'directorist' ) ); } } return $user; } add_filter( 'authenticate', 'my_master_validate_turnstile', 30, 3 ); ``` ----- ### 2\. The Template File (`login-registration-form.php`) **Where to put it:** `wp-content/themes/YOUR-THEME/directorist/account/login-registration-form.php` **What it does:** Adds the visual widget to Directorist Login, Registration, and Password Reset forms. *Note: You only need to replace `YOUR_SITE_KEY_HERE` (appears 3 times) and `YOUR_SECRET_KEY_HERE` (appears 1 time at the top).* ```php

'directorist_send_confirmation_email', 'user' => $user_email, 'directorist_nonce' => wp_create_nonce( 'directorist_nonce' ), ], admin_url( 'admin-ajax.php' ) ); echo wp_kses( sprintf( __( "Thank you for signing up! To complete the registration, please verify your email address by clicking on the link we have sent to your email.

If you didn't find the verification email, please check your spam folder. If you still can't find it, click on the Resend confirmation email to have a new email sent to you.", 'directorist' ), esc_url( $send_confirm_mail_url ) ), [ 'a' => [ 'href' => [] ], 'br' => [] ] ); ?>

If you still can't find it, please check your spam folder. And please contact if you are still having trouble.", 'directorist' ), [ 'br' => [] ] ); ?>

user_login ); if ( is_wp_error( $is_valid_password_reset_key ) ) { ?>

get_error_message(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>

[ 'secret' => 'YOUR_SECRET_KEY_HERE', // <--- PASTE SECRET KEY HERE 'response' => $cf_token, 'remoteip' => $_SERVER['REMOTE_ADDR'] ] ]); $cf_result = json_decode(wp_remote_retrieve_body($cf_verify)); if (!$cf_result->success) { echo '

Security check failed. Please try again.

'; } else { // --- END CUSTOM CHECK --- // Ignore password sanitization $password_1 = isset( $_POST['password_1'] ) ? $_POST['password_1'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized $password_2 = isset( $_POST['password_2'] ) ? $_POST['password_2'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized if ( empty( $password_1 ) || empty( $password_2 ) ) : ?>

ID ); // Since password reset is handled through email, so we can consider it verified! delete_user_meta( $user->ID, 'directorist_user_email_unverified' ); ?>

click here to login.', 'directorist' ), esc_url( ATBDP_Permalink::get_signin_signup_page_link() ) ), [ 'a' => [ 'href' => [] ] ] ); ?>

ID, 'directorist_user_email_unverified' ); ATBDP()->email->custom_wp_new_user_notification_email( $user->ID ); ?>

click here to login.', 'directorist' ), esc_url( ATBDP_Permalink::get_signin_signup_page_link() ) ), [ 'a' => [ 'href' => [] ] ] ); ?>

" . $recpass_text . '' ); echo wp_kses_post( $output ); endif; ?>

#recover-pass-modal { display: block; }'; $email = isset( $_POST['user_login'] ) ? sanitize_email( wp_unslash( $_POST['user_login'] ) ) : ''; if ( empty( $email ) ) { $error = __( 'Email address cannot be empty.', 'directorist' ); } else if ( ! is_email( $email ) ) { $error = __( 'Invalid e-mail address.', 'directorist' ); } else if ( ! email_exists( $email ) ) { $error = __( 'There is no user registered with that email address.', 'directorist' ); } else { $user = get_user_by( 'email', $email ); /* translators: %s: site name */ $subject = esc_html( sprintf( __( '[%s] Reset Your Password', 'directorist' ), get_option( 'blogname', 'display' ) ) ); $title = esc_html__( 'Password Reset Request', 'directorist' ); $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); /* translators: %1$s: site name, %1$s: user name, %3$s: password reset link */ $message = sprintf( __( 'Someone has requested a password reset for the following account: Site name: %1$s User name: %2$s To reset your password, please click on the Reset Password.
If this was a mistake, just ignore this email and nothing will happen.' ), $site_name, $user->user_login, esc_url( directorist_password_reset_url( $user, true ) ) ); $message = wp_kses( $message, [ 'br' => [], 'strong' => [], 'a' => [ 'href' => [] ] ] ); $message = atbdp_email_html( $title, nl2br( $message ) ); $headers[] = 'Content-Type: text/html; charset=UTF-8'; $mail = wp_mail( $email, $subject, $message, $headers ); if ( $mail ) { $success = __( 'A password reset email has been sent to the email address on file for your account, but may take several minutes to show up in your inbox.', 'directorist' ); echo ''; } else { $error = __( 'Something went wrong, unable to send the password reset email. If the issue persists please contact with the site administrator.', 'directorist' ); } } if ( ! empty( $error ) ) { echo '

' . wp_kses( sprintf( __( 'ERROR: %s', 'directorist' ), esc_html( $error ) ), [ 'strong' => [] ] ) . '

'; } if ( ! empty( $success ) ) { echo '

' . esc_html( $success ) . '

'; } endif; ?>

' . __( 'Here', 'directorist' ) . '' ); echo wp_kses_post( $output ); ?>

' . __( 'Here', 'directorist' ) . '' ); echo wp_kses_post( $output ); ?>

*'; ?>

*' : '' ); ?> >

*' : '' ); ?>

> *

``` ----- ### Deployment Checklist (For new sites) 1. **Paste Files:** Paste the two files above (adding your Keys). 2. **Plugin Settings:** In *Simple Cloudflare Turnstile*, **disable** "WordPress Login" (and "Registration"). Enable "Comments" and "Reset Password". 3. **Directorist Settings:** In *Directorist \> Extensions*, **disable** "Google reCAPTCHA". 4. **Clear Cache:** Clear browser and site cache.

Posted by: sirclesadmin - 29 November 2025 10:31:14
Here are the two "Master Files" you need. You can save these as text files on your computer. When you set up a new site, just find-and-replace `YOUR_SITE_KEY_HERE` and `YOUR_SECRET_KEY_HERE` with the new site's keys. 1. The `functions.php` Snippet Where to put it: At the bottom of `wp-content/themes/YOUR-THEME/functions.php`. What it does: Loads the script everywhere, adds the widget to the standard WP Login screen, and validates Logins (both WP and Directorist). /* * ----------------------------------------------------------- * MASTER TURNSTILE PROTECTION (Directorist + WP Login) * ----------------------------------------------------------- / // CONFIGURATION: Enter your keys here once define( 'MY_CF_SITE_KEY', 'YOUR_SITE_KEY_HERE' ); define( 'MY_CF_SECRET_KEY', 'YOUR_SECRET_KEY_HERE' ); // 1. Load Script (Frontend & Backend) function my_master_turnstile_script() { // Only load if not already loaded by a plugin if ( ! wp_script_is( 'cf-turnstile', 'enqueued' ) ) { wp_enqueue_script( 'cf-turnstile', 'https://challenges.cloudflare.com/turnstile/v0/api.js', array(), null, true ); } } add_action( 'wp_enqueue_scripts', 'my_master_turnstile_script' ); // For Directorist add_action( 'login_enqueue_scripts', 'my_master_turnstile_script' ); // For WP Login // 2. Add Widget to WP-Login (Standard Admin Page) function my_print_turnstile_on_login() { echo '<div class="cf-turnstile" data-sitekey="' . MY_CF_SITE_KEY . '" style="margin-bottom: 15px;"></div>'; } add_action( 'login_form', 'my_print_turnstile_on_login' ); // 3. Universal Validation (Checks both Directorist & WP Login) function my_master_validate_turnstile( $user, $username, $password ) { // Check if the Turnstile field was submitted if ( isset( $_POST['cf-turnstile-response'] ) ) { $response = $_POST['cf-turnstile-response']; // Ask Cloudflare if the token is valid $verify_url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify'; $data = array( 'secret' => MY_CF_SECRET_KEY, 'response' => $response, 'remoteip' => $_SERVER['REMOTE_ADDR'] ); $options = array( 'http' => array( 'header' => "Content-type: application/x-www-form-urlencoded\r\n", 'method' => 'POST', 'content' => http_build_query( $data ) ) ); $context = stream_context_create( $options ); $verify_response = file_get_contents( $verify_url, false, $context ); $result = json_decode( $verify_response ); // If Cloudflare says "No", block the login if ( ! $result->success ) { return new WP_Error( 'turnstile_error', __( '<strong>Error:</strong> Security check failed. Please try again.', 'directorist' ) ); } } return $user; } add_filter( 'authenticate', 'my_master_validate_turnstile', 30, 3 ); 2. The Template File (`login-registration-form.php`) Where to put it:* `wp-content/themes/YOUR-THEME/directorist/account/login-registration-form.php` What it does: Adds the visual widget to Directorist Login, Registration, and Password Reset forms. Note: You only need to replace `YOUR_SITE_KEY_HERE` (appears 3 times) and `YOUR_SECRET_KEY_HERE` (appears 1 time at the top). <?php /** * @author wpWax * @since 7.8.3 * @version 8.0.6 * MODIFIED: Added Cloudflare Turnstile to Login, Registration, and Reset Password / use \Directorist\Helper; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized $user_email = isset( $_GET['user'] ) ? sanitize_email( wp_unslash( base64_decode( $_GET['user'] ) ) ) : ''; $key = isset( $_GET['key'] ) ? sanitize_text_field( wp_unslash( $_GET['key'] ) ) : ''; $registration_success = false; if ( ! empty( $_GET['registration_status'] ) ) { $active_form = 'signin'; $registration_success = true; } ?> <div class="directorist-w-100"> <div class="<?php Helper::directorist_container_fluid(); ?>"> <div class="<?php Helper::directorist_row(); ?>"> <div class="directorist-col-md-6 directorist-offset-md-3 directorist-login-wrapper directorist-authentication <?php echo esc_attr( $active_form === 'signin' ? 'active' : '' ); ?>"> <div class="atbdp_login_form_shortcode directorist-authentication__form"> <?php if ( $registration_success ) : ?> <p style="padding: 20px" class="alert-success directorist-alert directorist-alert-success"> <span><?php esc_html_e( 'Registration completed. Please check your email for confirmation. Or login here.', 'directorist' );?></span> </p> <?php endif; ?> <?php if ( directorist_is_email_verification_enabled() && ! empty( $_GET['verification'] ) && is_email( $user_email ) ) : ?> <p class="directorist-alert directorist-alert-success"><span> <?php $send_confirm_mail_url = add_query_arg( [ 'action' => 'directorist_send_confirmation_email', 'user' => $user_email, 'directorist_nonce' => wp_create_nonce( 'directorist_nonce' ), ], admin_url( 'admin-ajax.php' ) ); echo wp_kses( sprintf( __( "Thank you for signing up! To complete the registration, please verify your email address by clicking on the link we have sent to your email.<br><br>If you didn't find the verification email, please check your spam folder. If you still can't find it, click on the <a href='%s'>Resend confirmation email</a> to have a new email sent to you.", 'directorist' ), esc_url( $send_confirm_mail_url ) ), [ 'a' => [ 'href' => [] ], 'br' => [] ] ); ?> </span></p> <?php endif; ?> <?php if ( directorist_is_email_verification_enabled() && ! empty( $_GET['send_verification_email'] ) ) : ?> <p class="directorist-alert directorist-alert-success"><span> <?php echo wp_kses( __( "Thank you for requesting a new verification email. Please check your inbox and verify to complete the registration.<br><br>If you still can't find it, please check your spam folder. And please contact if you are still having trouble.", 'directorist' ), [ 'br' => [] ] ); ?> </span></p> <?php endif; ?> <?php // start recovery stuff if ( is_email( $user_email ) && ! empty( $key ) ) { $user = get_user_by( 'email', $user_email ); if ( ! $user ) { ?> <p class="directorist-alert directorist-alert-danger"> <?php esc_html_e( 'Sorry! user not found', 'directorist' ); ?> </p> <?php } else { $is_valid_password_reset_key = check_password_reset_key( $key, $user->user_login ); if ( is_wp_error( $is_valid_password_reset_key ) ) { ?><p class="directorist-alert directorist-alert-danger"> <?php echo $is_valid_password_reset_key->get_error_message(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?> </p><?php } else { if ( ! empty( $_POST['directorist_reset_password'] ) && directorist_verify_nonce( 'directorist-reset-password-nonce', 'reset_password' ) ) : // --- CUSTOM TURNSTILE CHECK FOR RESET PASSWORD --- $cf_token = isset($_POST['cf-turnstile-response']) ? $_POST['cf-turnstile-response'] : ''; $cf_verify = wp_remote_post('https://challenges.cloudflare.com/turnstile/v0/siteverify', [ 'body' => [ 'secret' => 'YOUR_SECRET_KEY_HERE', // <--- PASTE SECRET KEY HERE 'response' => $cf_token, 'remoteip' => $_SERVER['REMOTE_ADDR'] ] ]); $cf_result = json_decode(wp_remote_retrieve_body($cf_verify)); if (!$cf_result->success) { echo '<p class="directorist-alert directorist-alert-danger">Security check failed. Please try again.</p>'; } else { // --- END CUSTOM CHECK --- // Ignore password sanitization $password_1 = isset( $_POST['password_1'] ) ? $_POST['password_1'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized $password_2 = isset( $_POST['password_2'] ) ? $_POST['password_2'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized if ( empty( $password_1 ) \|\| empty( $password_2 ) ) : ?> <p class="atbd_reset_warning directorist-alert directorist-alert-danger"><?php echo esc_html__( 'Passwords cannot be empty.', 'directorist' ); ?></p> <?php elseif ( $password_1 !== $password_2 ) : ?> <p class="atbd_reset_error directorist-alert directorist-alert-danger"><?php echo esc_html__( 'Passwords do not match!', 'directorist' ); ?></p> <?php else : wp_set_password( $password_2, $user->ID ); // Since password reset is handled through email, so we can consider it verified! delete_user_meta( $user->ID, 'directorist_user_email_unverified' ); ?> <p class="atbd_reset_success directorist-alert directorist-alert-success"> <?php echo wp_kses( sprintf( __( 'Password changed successfully. Please <a href="%s">click here to login</a>.', 'directorist' ), esc_url( ATBDP_Permalink::get_signin_signup_page_link() ) ), [ 'a' => [ 'href' => [] ] ] ); ?> </p> <?php endif; } // End Turnstile else endif; if ( ! empty( $_GET['password_reset'] ) ) { include ATBDP_DIR . 'templates/account/password-reset-form.php'; } if ( ! empty( $_GET['confirm_mail'] ) ) { /* * Verify user and send registration confirmation mail / delete_user_meta( $user->ID, 'directorist_user_email_unverified' ); ATBDP()->email->custom_wp_new_user_notification_email( $user->ID ); ?> <div class="directorist-alert directorist-alert-success"> <?php echo wp_kses( sprintf( __( 'Email verification successful. Please <a href="%s">click here to login</a>.', 'directorist' ), esc_url( ATBDP_Permalink::get_signin_signup_page_link() ) ), [ 'a' => [ 'href' => [] ] ] ); ?> </div> <?php } } } } else { ?> <form action="#" id="directorist__authentication__login" method="POST" class="directorist__authentication__signin"> <p class="status"></p> <div class="directorist-form-group directorist-mb-15"> <label for="directorist__authentication__signin__username"><?php echo esc_html( $log_username ); ?></label> <input type="text" class="directorist-form-element" id="username" name="username" /> </div> <div class="directorist-form-group directorist-password-group"> <label for="directorist__authentication__signin__password"><?php echo esc_html( $log_password ); ?></label> <input type="password" id="password" autocomplete="off" name="password" class="directorist-form-element directorist-password-group-input"/> <span class="directorist-password-group-toggle"> <svg class="directorist-password-group-eyeIcon" xmlns="http://www.w3.org/2000/svg" width="22" height="22" fill="none" viewBox="0 0 24 24"> <path stroke="#888" stroke-width="2" d="M1.5 12S5.5 5.5 12 5.5 22.5 12 22.5 12 18.5 18.5 12 18.5 1.5 12 1.5 12Z"/> <circle cx="12" cy="12" r="3.5" stroke="#888" stroke-width="2"/> </svg> </span> </div> <div class="directorist-authentication__form__actions"> <?php if ( ! empty( $display_rememberme ) && 'yes' == $display_rememberme ) :?> <div class="keep_signed directorist-checkbox"> <input type="checkbox" id="directorist_login_keep_signed_in" value="1" name="keep_signed_in" checked /> <label for="directorist_login_keep_signed_in" class="directorist-checkbox__label not_empty"> <?php echo esc_html( $rememberme_label ); ?> </label> </div> <?php endif; ?> <?php if ( ! empty( $display_recpass ) && 'yes' == $display_recpass ) : $output = sprintf( "<a href='' class='atbdp_recovery_pass'> " . $recpass_text . '</a>' ); echo wp_kses_post( $output ); endif; ?> </div> <div class="directorist-form-group atbd_login_btn_wrapper directorist-mb-15 directorist-authentication__form__btn-wrapper"> <div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY_HERE" style="margin-bottom:10px;"></div> <button class="directorist-btn directorist-btn-block directorist-authentication__form__btn" type="submit" value="<?php echo esc_attr( $log_button ); ?>" name="submit" aria-label="Signin Button"><?php echo esc_html( $log_button ); ?></button> <?php wp_nonce_field( 'ajax-login-nonce', 'security' );?> </div> </form> <div class="atbd_social_login"> <?php do_action( 'atbdp_before_login_form_end' );?> </div> <?php if ( directorist_is_user_registration_enabled() ) : ?> <div class="directorist-authentication__form__toggle-area"> <?php echo esc_html( $reg_text ); ?> <button class="directorist-authentication__btn directorist-authentication__btn--signup" aria-label="Signup Button"><?php echo esc_html( $reg_linktxt ); ?></button> </div> <?php endif; ?> <?php //stuff to recover password start $error = ''; $success = ''; // check if we're in reset form if ( isset( $_POST['action'] ) && 'reset' === $_POST['action'] && directorist_verify_nonce() ) : echo '<style>#recover-pass-modal { display: block; }</style>'; $email = isset( $_POST['user_login'] ) ? sanitize_email( wp_unslash( $_POST['user_login'] ) ) : ''; if ( empty( $email ) ) { $error = __( 'Email address cannot be empty.', 'directorist' ); } else if ( ! is_email( $email ) ) { $error = __( 'Invalid e-mail address.', 'directorist' ); } else if ( ! email_exists( $email ) ) { $error = __( 'There is no user registered with that email address.', 'directorist' ); } else { $user = get_user_by( 'email', $email ); / translators: %s: site name / $subject = esc_html( sprintf( __( '[%s] Reset Your Password', 'directorist' ), get_option( 'blogname', 'display' ) ) ); $title = esc_html__( 'Password Reset Request', 'directorist' ); $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); / translators: %1$s: site name, %1$s: user name, %3$s: password reset link / $message = sprintf( __( 'Someone has requested a password reset for the following account: <strong>Site name:</strong> %1$s <strong>User name:</strong> %2$s To reset your password, please click on the <a href="%3$s">Reset Password</a>.<br> If this was a mistake, just ignore this email and nothing will happen.' ), $site_name, $user->user_login, esc_url( directorist_password_reset_url( $user, true ) ) ); $message = wp_kses( $message, [ 'br' => [], 'strong' => [], 'a' => [ 'href' => [] ] ] ); $message = atbdp_email_html( $title, nl2br( $message ) ); $headers[] = 'Content-Type: text/html; charset=UTF-8'; $mail = wp_mail( $email, $subject, $message, $headers ); if ( $mail ) { $success = __( 'A password reset email has been sent to the email address on file for your account, but may take several minutes to show up in your inbox.', 'directorist' ); echo '<style>#recover-pass-modal { display: none; }</style>'; } else { $error = __( 'Something went wrong, unable to send the password reset email. If the issue persists please contact with the site administrator.', 'directorist' ); } } if ( ! empty( $error ) ) { echo '<div class="message"><p class="error directorist-alert directorist-alert-danger">' . wp_kses( sprintf( __( '<strong>ERROR: </strong> %s', 'directorist' ), esc_html( $error ) ), [ 'strong' => [] ] ) . '</p></div>'; } if ( ! empty( $success ) ) { echo '<div class="error_login"><p class="success directorist-alert directorist-alert-success">' . esc_html( $success ) . '</p></div>'; } endif; ?> <div id="recover-pass-modal" class="directorist-mt-15 directorist-authentication__form__recover-pass-modal"> <form action="#" method="post"> <fieldset class="directorist-form-group"> <p><?php echo esc_html( $recpass_desc ); ?></p> <label for="reset_user_login"><?php echo esc_html( $recpass_username ); ?></label> <input type="text" class="directorist-mb-15 directorist-form-element" name="user_login" id="reset_user_login" value="<?php echo isset( $_POST['user_login'] ) ? esc_attr( sanitize_text_field( wp_unslash( $_POST['user_login'] ) ) ) : ''; ?>" placeholder="<?php echo esc_attr( $recpass_placeholder ); ?>" required="required" /> <div class="directorist-authentication__form__btn-wrapper"> <input type="hidden" name="action" value="reset" /> <div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY_HERE" style="margin-bottom:10px;"></div> <button type="submit" class="directorist-btn directorist-authentication__form__btn" id="directorist__authentication__submit" aria-label="Recover Password Button"><?php echo esc_html( $recpass_button ); ?></button> <input type="hidden" value="<?php echo esc_attr( wp_create_nonce( directorist_get_nonce_key() ) ); ?>" name="directorist_nonce"> </div> </fieldset> </form> </div> <?php }; ?> </div></div> <?php if ( directorist_is_user_registration_enabled() ) : ?> <div class="directorist-col-md-6 directorist-offset-md-3 directorist-registration-wrapper directorist-authentication <?php echo esc_attr( $active_form === 'signup' ? 'active' : '' ); ?>"> <div class="directory_register_form_wrap directorist-authentication__form"> <div class="add_listing_title atbd_success_mesage directorist-authentication__message"> <?php if ( ! empty( $_GET['registration_status'] ) && true == $_GET['registration_status'] ) { if ( empty( $display_password_reg ) \|\| 'yes' != $display_password_reg ) { ?> <p style="padding: 20px" class="alert-success directorist-alert directorist-alert-success"><span> <?php esc_html_e( 'Go to your inbox or spam/junk and get your password.', 'directorist' ); ?> <?php $output = sprintf( __( 'Click %s to login.', 'directorist' ), '<a href="' . ATBDP_Permalink::get_login_page_link() . '"><i style="color: red">' . __( 'Here', 'directorist' ) . '</i></a>' ); echo wp_kses_post( $output ); ?> </span></p> <?php } else { ?> <p style="padding: 20px" class="alert-success directorist-alert directorist-alert-success"><span> <?php esc_html_e( 'Registration completed. Please check your email for confirmation.', 'directorist' ); ?> <?php $output = sprintf( __( 'Or click %s to login.', 'directorist' ), '<button class="directorist-authentication__btn directorist-authentication__btn--signin"><span style="color: red">' . __( 'Here', 'directorist' ) . '</span></button>' ); echo wp_kses_post( $output ); ?> </span></p> <?php } } ?> <p style="padding: 20px; display:none;" class="alert-danger directorist-register-error"><?php directorist_icon( 'las la-exclamation-triangle' ); ?></p> </div> <form action="#" method="post" class="directorist__authentication__signup"> <div class="directorist-form-group directorist-mb-35"> <label for="directorist__authentication__signup__username"><?php echo esc_html( $username ); ?> <strong class="directorist-form-required"></strong></label> <input id="directorist__authentication__signup__username" class="directorist-form-element" type="text" name="username" value="<?php echo isset( $_REQUEST['username'] ) ? esc_attr( sanitize_text_field( wp_unslash( $_REQUEST['username'] ) ) ) : ''; ?>" required> </div> <div class="directorist-form-group directorist-mb-35"> <label for="directorist__authentication__signup__email"><?php echo esc_html( $email ); ?> <strong class="directorist-form-required"></strong></label> <input id="directorist__authentication__signup__email" class="directorist-form-element" type="text" name="email" value="<?php echo isset( $_REQUEST['email'] ) ? esc_attr( sanitize_email( wp_unslash( $_REQUEST['email'] ) ) ) : ''; ?>" required> </div> <?php if ( ! empty( $display_password_reg ) && 'yes' == $display_password_reg ) { ?> <div class="directorist-form-group directorist-mb-35"> <label for="directorist__authentication__signup__password"><?php echo esc_html( $password ); echo '<strong class="directorist-form-required"></strong>'; ?></label> <input id="directorist__authentication__signup__password" class="directorist-form-element" type="password" name="password" value="" required> </div> <?php } ?> <?php if ( ! empty( $display_fname ) && 'yes' == $display_fname ) { ?> <div class="directorist-form-group directorist-mb-35"> <label for="directorist__authentication__signup__fname"><?php echo esc_html( $first_name ); echo ( ! empty( $require_fname ) && 'yes' == $require_fname ? '<strong class="directorist-form-required"></strong>' : '' ); ?></label> <input id="directorist__authentication__signup__fname" class="directorist-form-element" type="text" name="fname" value="<?php echo isset( $_REQUEST['fname'] ) ? esc_attr( sanitize_text_field( wp_unslash( $_REQUEST['fname'] ) ) ) : ''; ?>" <?php echo ( ! empty( $require_fname ) && 'yes' == $require_fname ? 'required' : '' ); ?>> </div> <?php } ?> <?php if ( ! empty( $display_lname ) && 'yes' == $display_lname ) { ?> <div class="directorist-form-group directorist-mb-35"> <label for="directorist__authentication__signup__lname"><?php echo esc_html( $last_name ); echo ( ! empty( $require_lname ) && 'yes' == $require_lname ? '<strong class="directorist-form-required"></strong>' : '' ); ?></label> <input class="directorist-form-element" id="directorist__authentication__signup__lname" type="text" name="lname" value="<?php echo isset( $_REQUEST['lname'] ) ? esc_attr( sanitize_text_field( wp_unslash( $_REQUEST['lname'] ) ) ) : ''; ?>" <?php echo ( ! empty( $require_lname ) && 'yes' == $require_lname ? 'required' : '' ); ?>> </div> <?php } ?> <?php if ( ! empty( $display_website ) && 'yes' == $display_website ) { ?> <div class="directorist-form-group directorist-mb-35"> <label for="directorist__authentication__signup__website"><?php echo esc_html( $website ); echo ( ! empty( $require_website ) && 'yes' == $require_website ? '<strong class="directorist-form-required"></strong>' : '' ); ?></label> <input id="directorist__authentication__signup__website" class="directorist-form-element" type="text" name="website" value="<?php echo isset( $_REQUEST['website'] ) ? esc_url( sanitize_text_field( wp_unslash( $_REQUEST['website'] ) ) ) : ''; ?>" <?php echo ( ! empty( $require_website ) && 'yes' == $require_website ? 'required' : '' ); ?>> </div> <?php } ?> <?php if ( ! empty( $display_bio ) && 'yes' == $display_bio ) { ?> <div class="directorist-form-group directorist-mb-35"> <label for="directorist__authentication__signup__bio"><?php echo esc_html( $bio ); echo ( ! empty( $require_bio ) && 'yes' == $require_bio ? '<strong class="directorist-form-required"></strong>' : '' ); ?></label> <textarea id="directorist__authentication__signup__bio" class="directorist-form-element" name="bio" rows="10" placeholder="<?php echo esc_html( $bio ); ?>" <?php echo ( ! empty( $require_bio ) && 'yes' == $require_bio ? 'required' : '' ); ?>><?php echo isset( $_REQUEST['bio'] ) ? esc_textarea( sanitize_text_field( wp_unslash( $_REQUEST['bio'] ) ) ) : ''; ?></textarea> </div> <?php } ?> <?php if ( ! empty( $enable_user_type ) && 'yes' == $enable_user_type ) { ?> <div class="atbd_user_type_area directory_regi_btn directorist-radio directorist-radio-circle directorist-mb-35"> <input id="author_type" type="radio" name="user_type" value="author" <?php echo esc_attr( $author_checked ); ?>><label for="author_type" class="directorist-radio__label"><?php echo esc_html( $author_role_label ); ?> </div> <div class="atbd_user_type_area directory_regi_btn directorist-radio directorist-radio-circle directorist-mb-35"> <input id="general_type" type="radio" name="user_type" value="general" <?php echo esc_attr( $general_checked ); ?>><label for="general_type" class="directorist-radio__label"><?php echo esc_html( $user_role_label ); ?> </div> <?php } ?> <?php if ( ! empty( $registration_privacy ) && 'yes' == $registration_privacy ) { ?> <div class="atbd_privacy_policy_area directory_regi_btn directorist-checkbox directorist-mb-20"> <input id="directorist__authentication__signup__privacy_policy" type="checkbox" name="privacy_policy" <?php echo( ( isset( $privacy_policy ) && 'on' === $privacy_policy ) ? 'checked="checked"' : '' ); ?>> <label for="directorist__authentication__signup__privacy_policy" class="directorist-checkbox__label"><?php echo esc_html( $privacy_label ); ?> <a style="color: red" target="_blank" href="<?php echo esc_url( $privacy_page_link ); ?>"><?php echo esc_html( $privacy_label_link ); ?></a> <span class="directorist-form-required"></span></label> </div> <?php } ?> <?php if ( ! empty( $enable_registration_terms ) && 'yes' == $enable_registration_terms ) { ?> <div class="atbd_term_and_condition_area directory_regi_btn directorist-checkbox directorist-mb-30"> <input id="directorist__authentication__signup__listing_t" type="checkbox" name="t_c_check" <?php echo( ( isset( $t_c_check ) && 'on' === $t_c_check ) ? 'checked="checked"' : '' ); ?>> <label for="directorist__authentication__signup__listing_t" class="directorist-checkbox__label"><?php echo esc_attr( $terms_label ); ?> <a style="color: red" target="_blank" href="<?php echo esc_url( $t_C_page_link )?>"><?php echo esc_attr( $terms_label_link ); ?></a> <span class="directorist-form-required"></span></label> </div> <?php } ?> <?php /* * @since 4.4.0 / do_action( 'atbdp_before_user_registration_submit' ); ?> <div class="directory_regi_btn directorist-mb-15"> <div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY_HERE" style="margin-bottom:10px;"></div> <?php if ( get_directorist_option( 'redirection_after_reg' ) === 'previous_page' ) { ?> <input type="hidden" name='previous_page' value='<?php echo esc_url( wp_get_referer() ); ?>'> <?php } ?> <input type="hidden" value="<?php echo esc_attr( wp_create_nonce( directorist_get_nonce_key() ) ); ?>" name="directorist_nonce"> <a class="directorist-btn directorist-authentication__form__btn" href="#"><?php echo esc_html( $reg_signup ); ?></a> </div> <div class="directory_regi_btn directorist-authentication__form__toggle-area"> <p><?php echo esc_html( $login_text ); ?> <button class="directorist-authentication__btn directorist-authentication__btn--signin"><?php echo esc_html( $log_linkingmsg ); ?></button></p> </div> </form> </div> </div> <?php endif; ?> </div> </div> </div> Deployment Checklist (For new sites) Paste Files:* Paste the two files above (adding your Keys). Plugin Settings: In Simple Cloudflare Turnstile, disable "WordPress Login" (and "Registration"). Enable "Comments" and "Reset Password". Directorist Settings: In Directorist > Extensions, disable "Google reCAPTCHA". Clear Cache: Clear browser and site cache.

Posted by: sirclesadmin - 29 November 2025 10:31:14

Here are the two "Master Files" you need.

You can save these as text files on your computer. When you set up a new site, just find-and-replace YOUR_SITE_KEY_HERE and YOUR_SECRET_KEY_HERE with the new site's keys.

1. The `functions.php` Snippet

Where to put it: At the bottom of wp-content/themes/YOUR-THEME/functions.php. What it does: Loads the script everywhere, adds the widget to the standard WP Login screen, and validates Logins (both WP and Directorist).

/* * -----------------------------------------------------------
 * MASTER TURNSTILE PROTECTION (Directorist + WP Login)
 * -----------------------------------------------------------
 */

// CONFIGURATION: Enter your keys here once
define( 'MY_CF_SITE_KEY',   'YOUR_SITE_KEY_HERE' );
define( 'MY_CF_SECRET_KEY', 'YOUR_SECRET_KEY_HERE' );


// 1. Load Script (Frontend & Backend)
function my_master_turnstile_script() {
    // Only load if not already loaded by a plugin
    if ( ! wp_script_is( 'cf-turnstile', 'enqueued' ) ) {
        wp_enqueue_script( 'cf-turnstile', 'https://challenges.cloudflare.com/turnstile/v0/api.js', array(), null, true );
    }
}
add_action( 'wp_enqueue_scripts', 'my_master_turnstile_script' );    // For Directorist
add_action( 'login_enqueue_scripts', 'my_master_turnstile_script' ); // For WP Login


// 2. Add Widget to WP-Login (Standard Admin Page)
function my_print_turnstile_on_login() {
    echo '<div class="cf-turnstile" data-sitekey="' . MY_CF_SITE_KEY . '" style="margin-bottom: 15px;"></div>';
}
add_action( 'login_form', 'my_print_turnstile_on_login' );


// 3. Universal Validation (Checks both Directorist & WP Login)
function my_master_validate_turnstile( $user, $username, $password ) {
    
    // Check if the Turnstile field was submitted
    if ( isset( $_POST['cf-turnstile-response'] ) ) {
        
        $response = $_POST['cf-turnstile-response'];

        // Ask Cloudflare if the token is valid
        $verify_url = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
        $data = array(
            'secret'   => MY_CF_SECRET_KEY,
            'response' => $response,
            'remoteip' => $_SERVER['REMOTE_ADDR']
        );

        $options = array(
            'http' => array(
                'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
                'method'  => 'POST',
                'content' => http_build_query( $data )
            )
        );

        $context  = stream_context_create( $options );
        $verify_response = file_get_contents( $verify_url, false, $context );
        $result   = json_decode( $verify_response );

        // If Cloudflare says "No", block the login
        if ( ! $result->success ) {
            return new WP_Error( 'turnstile_error', __( '<strong>Error:</strong> Security check failed. Please try again.', 'directorist' ) );
        }
    } 
    
    return $user;
}
add_filter( 'authenticate', 'my_master_validate_turnstile', 30, 3 );

2. The Template File (`login-registration-form.php`)

Where to put it: wp-content/themes/YOUR-THEME/directorist/account/login-registration-form.php What it does: Adds the visual widget to Directorist Login, Registration, and Password Reset forms.

Note: You only need to replace YOUR_SITE_KEY_HERE (appears 3 times) and YOUR_SECRET_KEY_HERE (appears 1 time at the top).

<?php
/**
 * @author  wpWax
 * @since   7.8.3
 * @version 8.0.6
 * MODIFIED: Added Cloudflare Turnstile to Login, Registration, and Reset Password
 */

use \Directorist\Helper;
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
$user_email           = isset( $_GET['user'] ) ? sanitize_email( wp_unslash( base64_decode( $_GET['user'] ) ) ) : '';
$key                  = isset( $_GET['key'] ) ? sanitize_text_field( wp_unslash( $_GET['key'] ) ) : '';
$registration_success = false;

if ( ! empty( $_GET['registration_status'] ) ) {
    $active_form          = 'signin';
    $registration_success = true;
}
?>
<div class="directorist-w-100">
    <div class="<?php Helper::directorist_container_fluid(); ?>">
        <div class="<?php Helper::directorist_row(); ?>">
            <div class="directorist-col-md-6 directorist-offset-md-3 directorist-login-wrapper directorist-authentication <?php echo esc_attr( $active_form === 'signin' ? 'active' : '' ); ?>">
                <div class="atbdp_login_form_shortcode directorist-authentication__form">

                    <?php if ( $registration_success ) : ?>
                        <p style="padding: 20px" class="alert-success directorist-alert directorist-alert-success">
                            <span><?php esc_html_e( 'Registration completed. Please check your email for confirmation. Or login here.', 'directorist' );?></span>
                        </p>
                    <?php endif; ?>

                    <?php if ( directorist_is_email_verification_enabled() && ! empty( $_GET['verification'] ) && is_email( $user_email ) ) : ?>
                        <p class="directorist-alert directorist-alert-success"><span>
                            <?php
                            $send_confirm_mail_url = add_query_arg(
                                [
                                    'action'            => 'directorist_send_confirmation_email',
                                    'user'              => $user_email,
                                    'directorist_nonce' => wp_create_nonce( 'directorist_nonce' ),
                                ], admin_url( 'admin-ajax.php' ) 
                            );

                            echo wp_kses( sprintf( __( "Thank you for signing up! To complete the registration, please verify your email address by clicking on the link we have sent to your email.<br><br>If you didn't find the verification email, please check your spam folder. If you still can't find it, click on the <a href='%s'>Resend confirmation email</a> to have a new email sent to you.", 'directorist' ), esc_url( $send_confirm_mail_url ) ), [ 'a' => [ 'href' => [] ], 'br' => [] ] );
                            ?>
                        </span></p>
                    <?php endif; ?>

                    <?php if ( directorist_is_email_verification_enabled() && ! empty( $_GET['send_verification_email'] ) ) : ?>
                        <p class="directorist-alert directorist-alert-success"><span>
                            <?php echo wp_kses( __( "Thank you for requesting a new verification email. Please check your inbox and verify to complete the registration.<br><br>If you still can't find it, please check your spam folder. And please contact if you are still having trouble.", 'directorist' ), [ 'br' => [] ] ); ?>
                        </span></p>
                    <?php endif; ?>

                    <?php
                    // start recovery stuff
                    if ( is_email( $user_email ) && ! empty( $key ) ) {
                        $user = get_user_by( 'email', $user_email );

                        if ( ! $user ) { ?>
                            <p class="directorist-alert directorist-alert-danger">
                                <?php esc_html_e( 'Sorry! user not found', 'directorist' ); ?>
                            </p>
                        <?php } else {
                            $is_valid_password_reset_key = check_password_reset_key( $key, $user->user_login );

                            if ( is_wp_error( $is_valid_password_reset_key ) ) {
                                ?><p class="directorist-alert directorist-alert-danger">
                                    <?php echo $is_valid_password_reset_key->get_error_message(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped ?>
                                </p><?php
                            } else {
                                if ( ! empty( $_POST['directorist_reset_password'] ) && directorist_verify_nonce( 'directorist-reset-password-nonce', 'reset_password' ) ) :
                                    
                                    // --- CUSTOM TURNSTILE CHECK FOR RESET PASSWORD ---
                                    $cf_token = isset($_POST['cf-turnstile-response']) ? $_POST['cf-turnstile-response'] : '';
                                    $cf_verify = wp_remote_post('https://challenges.cloudflare.com/turnstile/v0/siteverify', [
                                        'body' => [
                                            'secret' => 'YOUR_SECRET_KEY_HERE', // <--- PASTE SECRET KEY HERE
                                            'response' => $cf_token,
                                            'remoteip' => $_SERVER['REMOTE_ADDR']
                                        ]
                                    ]);
                                    $cf_result = json_decode(wp_remote_retrieve_body($cf_verify));
                                    if (!$cf_result->success) {
                                        echo '<p class="directorist-alert directorist-alert-danger">Security check failed. Please try again.</p>';
                                    } else {
                                    // --- END CUSTOM CHECK ---

                                        // Ignore password sanitization
                                        $password_1 = isset( $_POST['password_1'] ) ? $_POST['password_1'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
                                        $password_2 = isset( $_POST['password_2'] ) ? $_POST['password_2'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

                                        if ( empty( $password_1 ) || empty( $password_2 ) ) : ?>
                                            <p class="atbd_reset_warning directorist-alert directorist-alert-danger"><?php echo esc_html__( 'Passwords cannot be empty.', 'directorist' ); ?></p>
                                        <?php elseif ( $password_1 !== $password_2 ) : ?>
                                            <p class="atbd_reset_error directorist-alert directorist-alert-danger"><?php echo esc_html__( 'Passwords do not match!', 'directorist' ); ?></p>
                                        <?php else :
                                            wp_set_password( $password_2, $user->ID );
                                            // Since password reset is handled through email, so we can consider it verified!
                                            delete_user_meta( $user->ID, 'directorist_user_email_unverified' );
                                            ?>
                                            <p class="atbd_reset_success directorist-alert directorist-alert-success">
                                                <?php 
                                                echo wp_kses(
                                                    sprintf(
                                                        __( 'Password changed successfully. Please <a href="%s">click here to login</a>.', 'directorist' ),
                                                        esc_url( ATBDP_Permalink::get_signin_signup_page_link() )
                                                    ), [ 'a' => [ 'href' => [] ] ]
                                                );
                                                ?>
                                            </p>
                                        <?php endif;
                                    } // End Turnstile else
                                endif;

                                if ( ! empty( $_GET['password_reset'] ) ) {
                                    include ATBDP_DIR . 'templates/account/password-reset-form.php';
                                }

                                if ( ! empty( $_GET['confirm_mail'] ) ) {
                                    /**
                                     * Verify user and send registration confirmation mail
                                     */
                                    delete_user_meta( $user->ID, 'directorist_user_email_unverified' );
                                    ATBDP()->email->custom_wp_new_user_notification_email( $user->ID );
                                    ?>
                                    <div class="directorist-alert directorist-alert-success">
                                        <?php echo wp_kses(
                                            sprintf(
                                                __( 'Email verification successful. Please <a href="%s">click here to login</a>.', 'directorist' ),
                                                esc_url( ATBDP_Permalink::get_signin_signup_page_link() )
                                            ), [ 'a' => [ 'href' => [] ] ] 
                                        ); ?>
                                    </div>
                                    <?php
                                }
                            }
                        }
                    } else { ?>
                        <form action="#" id="directorist__authentication__login" method="POST" class="directorist__authentication__signin">
                            <p class="status"></p>
                            <div class="directorist-form-group directorist-mb-15">
                                <label for="directorist__authentication__signin__username"><?php echo esc_html( $log_username ); ?></label>
                                <input type="text" class="directorist-form-element" id="username" name="username" />
                            </div>

                            <div class="directorist-form-group directorist-password-group">
                                <label for="directorist__authentication__signin__password"><?php echo esc_html( $log_password ); ?></label>
                                <input type="password" id="password" autocomplete="off" name="password" class="directorist-form-element directorist-password-group-input"/>
                                <span class="directorist-password-group-toggle">
                                    <svg class="directorist-password-group-eyeIcon" xmlns="http://www.w3.org/2000/svg" width="22" height="22" fill="none" viewBox="0 0 24 24">
                                        <path stroke="#888" stroke-width="2" d="M1.5 12S5.5 5.5 12 5.5 22.5 12 22.5 12 18.5 18.5 12 18.5 1.5 12 1.5 12Z"/>
                                        <circle cx="12" cy="12" r="3.5" stroke="#888" stroke-width="2"/>
                                    </svg>
                                </span>
                            </div>
                            <div class="directorist-authentication__form__actions">

                                <?php if ( ! empty( $display_rememberme ) && 'yes' == $display_rememberme ) :?>
                                    <div class="keep_signed directorist-checkbox">
                                        <input type="checkbox" id="directorist_login_keep_signed_in" value="1" name="keep_signed_in" checked />
                                        <label for="directorist_login_keep_signed_in" class="directorist-checkbox__label not_empty">
                                            <?php echo esc_html( $rememberme_label ); ?>
                                        </label>
                                    </div>
                                <?php endif; ?>

                                <?php if ( ! empty( $display_recpass ) && 'yes' == $display_recpass ) :
                                    $output = sprintf( "<a href='' class='atbdp_recovery_pass'> " . $recpass_text . '</a>' );
                                    echo wp_kses_post( $output );
                                endif; ?>
                            </div>

                            <div class="directorist-form-group atbd_login_btn_wrapper directorist-mb-15 directorist-authentication__form__btn-wrapper">
                                
                                <div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY_HERE" style="margin-bottom:10px;"></div>
                                
                                <button class="directorist-btn directorist-btn-block directorist-authentication__form__btn" type="submit" value="<?php echo esc_attr( $log_button ); ?>" name="submit" aria-label="Signin Button"><?php echo esc_html( $log_button ); ?></button>
                                <?php wp_nonce_field( 'ajax-login-nonce', 'security' );?>
                            </div>
                        </form>

                        <div class="atbd_social_login">
                            <?php do_action( 'atbdp_before_login_form_end' );?>
                        </div>

                        <?php if ( directorist_is_user_registration_enabled() ) : ?>
                            <div class="directorist-authentication__form__toggle-area">
                                <?php echo esc_html( $reg_text ); ?>
                                <button class="directorist-authentication__btn directorist-authentication__btn--signup" aria-label="Signup Button"><?php echo esc_html( $reg_linktxt ); ?></button>
                            </div>
                        <?php endif; ?>

                        <?php
                        //stuff to recover password start
                        $error = '';
                        $success = '';
                        // check if we're in reset form
                        if ( isset( $_POST['action'] ) && 'reset' === $_POST['action'] && directorist_verify_nonce() ) :
                            echo '<style>#recover-pass-modal { display: block; }</style>';

                            $email = isset( $_POST['user_login'] ) ? sanitize_email( wp_unslash( $_POST['user_login'] ) ) : '';

                            if ( empty( $email ) ) {
                                $error = __( 'Email address cannot be empty.', 'directorist' );
                            } else if ( ! is_email( $email ) ) {
                                $error = __( 'Invalid e-mail address.', 'directorist' );
                            } else if ( ! email_exists( $email ) ) {
                                $error = __( 'There is no user registered with that email address.', 'directorist' );
                            } else {
                                $user      = get_user_by( 'email', $email );
                                /* translators: %s: site name */
                                $subject   = esc_html( sprintf( __( '[%s] Reset Your Password', 'directorist' ), get_option( 'blogname', 'display' ) ) );
                                $title     = esc_html__( 'Password Reset Request', 'directorist' );
                                $site_name = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES );

                                /* translators: %1$s: site name, %1$s: user name, %3$s: password reset link */
                                $message = sprintf(
                                    __(
                                        'Someone has requested a password reset for the following account:
                                    <strong>Site name:</strong> %1$s
                                    <strong>User name:</strong> %2$s
                                    To reset your password, please click on the <a href="%3$s">Reset Password</a>.<br>
                                    If this was a mistake, just ignore this email and nothing will happen.'
                                    ),
                                    $site_name,
                                    $user->user_login,
                                    esc_url( directorist_password_reset_url( $user, true ) )
                                );

                                $message = wp_kses(
                                    $message, [
                                        'br' => [],
                                        'strong' => [],
                                        'a' => [
                                            'href' => []
                                        ]
                                    ] 
                                );

                                $message = atbdp_email_html( $title, nl2br( $message ) );

                                $headers[] = 'Content-Type: text/html; charset=UTF-8';
                                $mail      = wp_mail( $email, $subject, $message, $headers );
                                if ( $mail ) {
                                    $success = __( 'A password reset email has been sent to the email address on file for your account, but may take several minutes to show up in your inbox.', 'directorist' );
                                     
                                    echo '<style>#recover-pass-modal { display: none; }</style>';
                                } else {
                                    $error = __( 'Something went wrong, unable to send the password reset email. If the issue persists please contact with the site administrator.', 'directorist' );
                                }

                            }

                            if ( ! empty( $error ) ) {
                                echo '<div class="message"><p class="error directorist-alert directorist-alert-danger">' . wp_kses( sprintf( __( '<strong>ERROR: </strong> %s', 'directorist' ), esc_html( $error ) ), [ 'strong' => [] ] ) . '</p></div>';
                            }

                            if ( ! empty( $success ) ) {
                                echo '<div class="error_login"><p class="success directorist-alert directorist-alert-success">' . esc_html( $success ) . '</p></div>';
                            }

                        endif; ?>

                        <div id="recover-pass-modal" class="directorist-mt-15 directorist-authentication__form__recover-pass-modal">
                            <form action="#" method="post">
                                <fieldset class="directorist-form-group">
                                    <p><?php echo esc_html( $recpass_desc ); ?></p>
                                    <label for="reset_user_login"><?php echo esc_html( $recpass_username ); ?></label>
                                    <input type="text" class="directorist-mb-15 directorist-form-element" name="user_login" id="reset_user_login" value="<?php echo isset( $_POST['user_login'] ) ? esc_attr( sanitize_text_field( wp_unslash( $_POST['user_login'] ) ) ) : ''; ?>" placeholder="<?php echo esc_attr( $recpass_placeholder ); ?>" required="required" />
                                    <div class="directorist-authentication__form__btn-wrapper">
                                        <input type="hidden" name="action" value="reset" />
                                        
                                        <div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY_HERE" style="margin-bottom:10px;"></div>

                                        <button type="submit" class="directorist-btn directorist-authentication__form__btn" id="directorist__authentication__submit" aria-label="Recover Password Button"><?php echo esc_html( $recpass_button ); ?></button>
                                        <input type="hidden" value="<?php echo esc_attr( wp_create_nonce( directorist_get_nonce_key() ) ); ?>" name="directorist_nonce">
                                    </div>
                                </fieldset>
                            </form>
                        </div>
                    <?php }; ?>
                </div></div>

            <?php if ( directorist_is_user_registration_enabled() ) : ?>
            <div class="directorist-col-md-6 directorist-offset-md-3 directorist-registration-wrapper directorist-authentication <?php echo esc_attr( $active_form === 'signup' ? 'active' : '' ); ?>">
                <div class="directory_register_form_wrap directorist-authentication__form">
                    <div class="add_listing_title atbd_success_mesage directorist-authentication__message">
                        <?php
                        if ( ! empty( $_GET['registration_status'] ) && true == $_GET['registration_status'] ) {
                            if ( empty( $display_password_reg ) || 'yes' != $display_password_reg ) {
                                ?>
                                <p style="padding: 20px" class="alert-success directorist-alert directorist-alert-success"><span> <?php esc_html_e( 'Go to your inbox or spam/junk and get your password.', 'directorist' ); ?>
                                    <?php
                                    $output = sprintf( __( 'Click %s to login.', 'directorist' ), '<a href="' . ATBDP_Permalink::get_login_page_link() . '"><i style="color: red">' . __( 'Here', 'directorist' ) . '</i></a>' );
                                    echo wp_kses_post( $output );
                                    ?>
                                </span></p>
                            <?php } else { ?>
                                <p style="padding: 20px" class="alert-success directorist-alert directorist-alert-success"><span> <?php esc_html_e( 'Registration completed. Please check your email for confirmation.', 'directorist' ); ?>
                                    <?php
                                    $output = sprintf( __( 'Or click %s to login.', 'directorist' ), '<button class="directorist-authentication__btn directorist-authentication__btn--signin"><span style="color: red">' . __( 'Here', 'directorist' ) . '</span></button>' );
                                    echo wp_kses_post( $output );
                                    ?>
                                </span></p>
                                <?php
                            }
                        }
                        ?>
                        <p style="padding: 20px; display:none;" class="alert-danger directorist-register-error"><?php directorist_icon( 'las la-exclamation-triangle' ); ?></p>
                    </div>
                    <form action="#" method="post" class="directorist__authentication__signup">
                        <div class="directorist-form-group directorist-mb-35">
                            <label for="directorist__authentication__signup__username"><?php echo esc_html( $username ); ?> <strong class="directorist-form-required">*</strong></label>
                            <input id="directorist__authentication__signup__username" class="directorist-form-element" type="text" name="username" value="<?php echo isset( $_REQUEST['username'] ) ? esc_attr( sanitize_text_field( wp_unslash( $_REQUEST['username'] ) ) ) : ''; ?>" required>
                        </div>
                        <div class="directorist-form-group directorist-mb-35">
                            <label for="directorist__authentication__signup__email"><?php echo esc_html( $email ); ?> <strong class="directorist-form-required">*</strong></label>
                            <input id="directorist__authentication__signup__email" class="directorist-form-element" type="text" name="email" value="<?php echo isset( $_REQUEST['email'] ) ? esc_attr( sanitize_email( wp_unslash( $_REQUEST['email'] ) ) ) : ''; ?>" required>
                        </div>
                        <?php if ( ! empty( $display_password_reg ) && 'yes' == $display_password_reg ) { ?>
                            <div class="directorist-form-group directorist-mb-35">
                                <label for="directorist__authentication__signup__password"><?php
                                    echo esc_html( $password );
                                    echo '<strong class="directorist-form-required">*</strong>';
                                ?></label>
                                <input id="directorist__authentication__signup__password" class="directorist-form-element" type="password" name="password" value="" required>
                            </div>
                        <?php } ?>
                        <?php if ( ! empty( $display_fname ) && 'yes' == $display_fname ) { ?>
                        <div class="directorist-form-group directorist-mb-35">
                            <label for="directorist__authentication__signup__fname"><?php
                                echo esc_html( $first_name );
                                echo ( ! empty( $require_fname ) && 'yes' == $require_fname ? '<strong class="directorist-form-required">*</strong>' : '' );
                            ?></label>
                            <input id="directorist__authentication__signup__fname" class="directorist-form-element" type="text" name="fname" value="<?php echo isset( $_REQUEST['fname'] ) ? esc_attr( sanitize_text_field( wp_unslash( $_REQUEST['fname'] ) ) ) : ''; ?>" <?php echo ( ! empty( $require_fname ) && 'yes' == $require_fname ? 'required' : '' ); ?>>
                        </div>
                        <?php } ?>
                        <?php if ( ! empty( $display_lname ) && 'yes' == $display_lname ) { ?>
                        <div class="directorist-form-group directorist-mb-35">
                            <label for="directorist__authentication__signup__lname"><?php
                                echo esc_html( $last_name );
                                echo ( ! empty( $require_lname ) && 'yes' == $require_lname ? '<strong class="directorist-form-required">*</strong>' : '' );
                            ?></label>
                            <input class="directorist-form-element" id="directorist__authentication__signup__lname" type="text" name="lname" value="<?php echo isset( $_REQUEST['lname'] ) ? esc_attr( sanitize_text_field( wp_unslash( $_REQUEST['lname'] ) ) ) : ''; ?>" <?php echo ( ! empty( $require_lname ) && 'yes' == $require_lname ? 'required' : '' ); ?>>
                        </div>
                        <?php } ?>
                        <?php if ( ! empty( $display_website ) && 'yes' == $display_website ) {  ?>
                            <div class="directorist-form-group directorist-mb-35">
                                <label for="directorist__authentication__signup__website"><?php
                                    echo esc_html( $website );
                                    echo ( ! empty( $require_website ) && 'yes' == $require_website ? '<strong class="directorist-form-required">*</strong>' : '' );
                                ?></label>
                                <input id="directorist__authentication__signup__website" class="directorist-form-element" type="text" name="website" value="<?php echo isset( $_REQUEST['website'] ) ? esc_url( sanitize_text_field( wp_unslash( $_REQUEST['website'] ) ) ) : ''; ?>" <?php echo ( ! empty( $require_website ) && 'yes' == $require_website ? 'required' : '' ); ?>>
                            </div>
                        <?php } ?>
                        <?php if ( ! empty( $display_bio ) && 'yes' == $display_bio ) { ?>
                        <div class="directorist-form-group directorist-mb-35">
                            <label for="directorist__authentication__signup__bio"><?php
                                echo esc_html( $bio );
                                echo ( ! empty( $require_bio ) && 'yes' == $require_bio ? '<strong class="directorist-form-required">*</strong>' : '' );
                            ?></label>
                            <textarea id="directorist__authentication__signup__bio" class="directorist-form-element" name="bio" rows="10" placeholder="<?php echo esc_html( $bio ); ?>" <?php echo ( ! empty( $require_bio ) && 'yes' == $require_bio ? 'required' : '' ); ?>><?php echo isset( $_REQUEST['bio'] ) ? esc_textarea( sanitize_text_field( wp_unslash( $_REQUEST['bio'] ) ) ) : ''; ?></textarea>
                        </div>
                        <?php } ?>

                        <?php if ( ! empty( $enable_user_type ) && 'yes' == $enable_user_type ) { ?>

                            <div class="atbd_user_type_area directory_regi_btn directorist-radio directorist-radio-circle directorist-mb-35">
                                <input id="author_type" type="radio" name="user_type" value="author" <?php echo esc_attr( $author_checked ); ?>><label for="author_type" class="directorist-radio__label"><?php echo esc_html( $author_role_label ); ?>
                            </div>

                            <div class="atbd_user_type_area directory_regi_btn directorist-radio directorist-radio-circle directorist-mb-35">
                                <input id="general_type" type="radio" name="user_type" value="general" <?php echo esc_attr( $general_checked ); ?>><label for="general_type" class="directorist-radio__label"><?php echo esc_html( $user_role_label ); ?>
                            </div>

                        <?php } ?>

                        <?php if ( ! empty( $registration_privacy ) && 'yes' == $registration_privacy ) { ?>
                            <div class="atbd_privacy_policy_area directory_regi_btn directorist-checkbox directorist-mb-20">
                                <input id="directorist__authentication__signup__privacy_policy" type="checkbox" name="privacy_policy" <?php echo( ( isset( $privacy_policy ) && 'on' === $privacy_policy ) ? 'checked="checked"' : '' ); ?>>
                                <label for="directorist__authentication__signup__privacy_policy" class="directorist-checkbox__label"><?php echo esc_html( $privacy_label ); ?> <a style="color: red" target="_blank" href="<?php echo esc_url( $privacy_page_link ); ?>"><?php echo esc_html( $privacy_label_link ); ?></a> <span class="directorist-form-required">*</span></label>
                            </div>
                        <?php } ?>
                        <?php if ( ! empty( $enable_registration_terms ) && 'yes' == $enable_registration_terms ) { ?>
                            <div class="atbd_term_and_condition_area directory_regi_btn directorist-checkbox directorist-mb-30">
                                <input id="directorist__authentication__signup__listing_t" type="checkbox" name="t_c_check" <?php echo( ( isset( $t_c_check ) && 'on' === $t_c_check ) ? 'checked="checked"' : '' ); ?>>
                                <label for="directorist__authentication__signup__listing_t" class="directorist-checkbox__label"><?php echo esc_attr( $terms_label ); ?>
                                    <a style="color: red" target="_blank" href="<?php echo esc_url( $t_C_page_link )?>"><?php echo esc_attr( $terms_label_link ); ?></a> <span class="directorist-form-required">*</span></label>
                            </div>
                        <?php } ?>

                        <?php
                        /*
                         * @since 4.4.0
                         */
                        do_action( 'atbdp_before_user_registration_submit' );
                        ?>
                        <div class="directory_regi_btn directorist-mb-15">
                            
                            <div class="cf-turnstile" data-sitekey="YOUR_SITE_KEY_HERE" style="margin-bottom:10px;"></div>

                            <?php if ( get_directorist_option( 'redirection_after_reg' ) === 'previous_page' ) { ?>
                            <input type="hidden" name='previous_page' value='<?php echo esc_url( wp_get_referer() ); ?>'>
                            <?php } ?>
                            <input type="hidden" value="<?php echo esc_attr( wp_create_nonce( directorist_get_nonce_key() ) ); ?>" name="directorist_nonce">
                            <a class="directorist-btn directorist-authentication__form__btn" href="#"><?php echo esc_html( $reg_signup ); ?></a>
                        </div>
                        <div class="directory_regi_btn directorist-authentication__form__toggle-area">
                            <p><?php echo esc_html( $login_text ); ?> <button class="directorist-authentication__btn directorist-authentication__btn--signin"><?php echo esc_html( $log_linkingmsg ); ?></button></p>
                        </div>
                    </form>
                </div>
            </div>
            <?php endif; ?>
        </div>
    </div>
</div>

Deployment Checklist (For new sites)

Paste Files: Paste the two files above (adding your Keys).
Plugin Settings: In Simple Cloudflare Turnstile, disable "WordPress Login" (and "Registration"). Enable "Comments" and "Reset Password".
Directorist Settings: In Directorist > Extensions, disable "Google reCAPTCHA".
Clear Cache: Clear browser and site cache.