Site Health Integration
The plugin adds a custom test to WordPress's built-in Tools → Site Health screen.
Where to Find It
Admin: Tools → Site Health → Status tab
Look for:
Cloudflare Turnstile is configured correctly ✓
or
Cloudflare Turnstile keys are missing ✗
What the Test Checks
The test name: Cloudflare Turnstile Readiness
It verifies that both API keys are present.
| Check | Pass Condition |
|---|---|
| Site Key | get_option('wkcft_site_key') is non-empty |
| Secret Key | get_option('wkcft_secret_key') is non-empty |
Possible Results
"Cloudflare Turnstile is configured correctly"
Status: good (green)
Meaning: Both API keys are saved. Plugin is ready to protect forms.
Badge: Security (blue)
"Cloudflare Turnstile keys are missing"
Status: critical (red)
Meaning: Site Key or Secret Key (or both) are empty.
Impact: No CAPTCHA is being enforced — forms are not actually protected.
Recommended action: Click the Configure Keys button in the Site Health panel. This takes you to wp-admin/admin.php?page=wkcft-settings&tab=wkcft_api where you can paste your keys.
Why This Matters
Site Health is the first place site reviewers, devs, and hosting providers look when a WordPress site gets audited. Having Turnstile show up as "good" is a strong signal that security is being taken seriously.
Also — if someone accidentally clears the Secret Key (e.g., during a settings reset), Site Health catches it on the next admin page load. You see the red banner across the dashboard.
Code Reference (for developers)
The test is registered via the site_status_tests filter:
add_filter('site_status_tests', function($tests) {
$tests['direct']['wkcft_turnstile_status'] = [
'label' => __('Cloudflare Turnstile Readiness', 'turnstile-captcha-for-woocommerce'),
'test' => ['WKCFT_Plugin', 'wkcft_test_turnstile_health']
];
return $tests;
});
Test callback: WKCFT_Plugin::wkcft_test_turnstile_health().
Expanding the Test
The plugin's test is a simple keys-present check. For richer checks (e.g., "Secret Key was tested against Cloudflare in the last 24h"), register your own Site Health tests alongside:
add_filter('site_status_tests', function($tests) {
$tests['direct']['my_extra_turnstile_check'] = [
'label' => __('Turnstile Secret Still Valid', 'my-plugin'),
'test' => 'my_extra_turnstile_check_callback'
];
return $tests;
});
function my_extra_turnstile_check_callback() {
// Your logic here
return [
'label' => 'Secret key verified last hour',
'status' => 'good',
'badge' => ['label' => 'Security', 'color' => 'blue'],
'description' => '...',
'test' => 'my_extra_turnstile_check'
];
}
Declared Compatibility Flags
Separate from Site Health but related — the plugin declares compatibility with WooCommerce features:
| Feature | Declared In |
|---|---|
| Custom Order Tables (HPOS) | FeaturesUtil::declare_compatibility('custom_order_tables', ...) |
| Cart/Checkout Blocks | FeaturesUtil::declare_compatibility('cart_checkout_blocks', ...) |
See WooCommerce → Settings → Advanced → Features — plugin shows as compatible.
WordPress Debug Info
The plugin does not currently contribute to Tools → Site Health → Info tab. You can view plugin settings via:
WooCommerce → Status → Logs(if any error logs exist)- Direct WP-CLI:
wp option list --search="wkcft_*"
Related Pages
- API Settings — Where to paste keys that the test checks
- Installation — What activation sets up
- Troubleshooting — Fixes for test failures