Setting Up Custom Cloudflare Turnstile

Configure your own Cloudflare Turnstile for custom domains

Setting Up Custom Cloudflare Turnstile

If you're using a custom domain for your Mayhem Marketplace storefront, you can configure your own Cloudflare Turnstile credentials to provide bot protection that's properly linked to your domain.

What is Cloudflare Turnstile?

Cloudflare Turnstile is a free, privacy-focused alternative to CAPTCHA that protects your forms and checkout process from bots without frustrating your customers with image puzzles. It provides invisible or managed challenges that verify visitors are human.

Why Configure Custom Turnstile?

When using a custom domain:

  • Better Verification: Turnstile works best when configured for your specific domain
  • Improved Security: Your own credentials ensure the verification is tied to your domain
  • Seamless Experience: Reduces false positives for your legitimate customers

If you're not using a custom domain (e.g., using yourshop.mayhem.com), you don't need to configure custom Turnstile credentials—the default system works automatically.

Getting Your Cloudflare Turnstile Credentials

Step 1: Sign Up for Cloudflare (if needed)

  1. Visit Cloudflare.com and create a free account
  2. You don't need to transfer your domain to Cloudflare—just an account is enough

Step 2: Access Turnstile Settings

  1. Log into your Cloudflare Dashboard
  2. In the left sidebar, click on Turnstile
  3. Click Add Site to create a new Turnstile widget

Step 3: Configure Your Widget

  1. Site Name: Enter a descriptive name (e.g., "My Mayhem Shop")
  2. Domain: Enter your custom domain (e.g., "shop.yourdomain.com")
  3. Widget Type: Choose Managed (recommended)
    • Managed: Cloudflare decides when to show a challenge
    • Non-interactive: Always invisible, may have more false positives
    • Invisible: Completely hidden, balance of security and user experience
  4. Click Create

Step 4: Copy Your Keys

After creating the widget, Cloudflare will display two keys:

  • Site Key: This is public and will be used in your website's HTML
  • Secret Key: This is private and used for server-side verification

Important: Keep your Secret Key secure. Never share it publicly.

Adding Your Credentials to Mayhem

  1. Go to your Mayhem seller dashboard
  2. Navigate to Account → Integrations
  3. Find the Cloudflare Turnstile section
  4. Enter your Site Key in the first field
  5. Enter your Secret Key in the second field
  6. Click Save Turnstile Credentials

Your credentials are stored securely—the Secret Key is encrypted before being saved.

Testing Your Configuration

After saving your credentials:

  1. Visit your storefront on your custom domain
  2. Try making a purchase or using the contact form
  3. The Turnstile widget should appear (if set to Managed mode)
  4. Complete the verification to confirm it's working

Troubleshooting

"Verification Failed" Errors

  • Check Domain Match: Ensure the domain in Cloudflare exactly matches your custom domain
  • Include Subdomains: If your shop is at "shop.domain.com", add "shop.domain.com" to Cloudflare
  • Wait for Propagation: New configurations may take a few minutes to take effect

Widget Not Appearing

  • Verify your Site Key is entered correctly (no extra spaces)
  • Check that your Widget Type in Cloudflare is set to "Managed" or "Non-interactive"
  • Ensure JavaScript is enabled in your browser

Too Many Challenges

If customers are seeing too many verification challenges:

  1. In Cloudflare, go to your Turnstile widget settings
  2. Adjust the Interaction settings to be less strict
  3. Consider switching to "Invisible" mode if appropriate

Removing Your Custom Turnstile

To remove your custom Turnstile configuration:

  1. Go to Account → Integrations
  2. Clear both the Site Key and Secret Key fields
  3. Click Remove Turnstile or save with empty fields

Your storefront will automatically fall back to using the default Mayhem Turnstile configuration.

Security Best Practices

  1. Never Share Your Secret Key: Keep it confidential
  2. Rotate Keys Periodically: Consider generating new keys annually
  3. Monitor Usage: Check Cloudflare's analytics for unusual patterns
  4. Use HTTPS: Always use HTTPS on your custom domain

Need More Help?

If you're experiencing issues with Cloudflare Turnstile:

By properly configuring Cloudflare Turnstile for your custom domain, you ensure a smooth, secure checkout experience for your customers while protecting your shop from bots and spam.