WordPress OSINT, maintenance or security needs? Reach out!
TLDWP

Plugin: kitgenix-captcha-for-cloudflare-turnstile (Used by 221 domains)

Kitgenix CAPTCHA for Cloudflare Turnstile

πŸ‘€ Kitgenix πŸ“¦ v1.0.18 πŸ”— Plugin Homepage

Spam is expensive: it wastes time, clogs inboxes, creates fake accounts, and on stores it can lead to abandoned checkout noise and fraudulent activity. Traditional CAPTCHA solutions can also hurt conversions by adding friction.

Cloudflare Turnstile is a modern, privacy-first CAPTCHA alternative designed to reduce friction for real people while still blocking bots.

Kitgenix CAPTCHA for Cloudflare Turnstile is a production-ready Turnstile integration for WordPress that focuses on reliability in real-world setups:
– Server-side token verification (using Cloudflare’s official endpoint)
– Fast, conditional loading (only where needed)
– Support for dynamic/AJAX forms and modern WooCommerce Blocks / Store API checkout
– Security features: replay protection, proxy-aware IP handling, whitelisting, and developer mode (warn-only)

You can enable/disable each integration (and many per-form toggles), choose auto-injection vs shortcode-only placement, customise display and messaging, and use built-in diagnostics and Site Health checks to troubleshoot.

Supported integrations (where Turnstile can be added)

All integrations are enable-able from settings. Many also support Mode: Auto vs Shortcode.

WordPress Core
– Login
– Registration
– Lost password
– Reset password
– Comments (standard WordPress comment forms, including safe handling for comment failures/redirects)

WooCommerce (Classic)
– Checkout
– Product reviews
– My Account login
– My Account registration
– Lost password

WooCommerce Blocks (Store API / Block Checkout)
– UI rendering inside block-based checkout
– Adds token to Store API requests (header and/or extensions payload when available)
– Server-side validation of Store API checkout requests
– Supports β€œshortcode-only mode” behaviour so you can control placement

Easy Digital Downloads (EDD)
– Checkout
– Login
– Register
– Profile editor

Form plugins
– Contact Form 7 (CF7)
– WPForms
– Fluent Forms
– Formidable Forms
– Forminator
– Gravity Forms
– JetFormBuilder
– Jetpack Forms
– Kadence Forms
– Elementor Forms (including popups and AJAX submissions)

Community / forums
– bbPress (topic/reply flows where applicable)
– BuddyPress (flows where applicable)

Core features (site-wide)

Turnstile widget rendering
– Uses Cloudflare’s official Turnstile API script
– Widget options:
– Theme: auto / light / dark
– Size: small / medium / large / normal / flexible
– Appearance: stored as Turnstile β€œappearance” option (defaults to always)
– Language: auto or explicit locale (passed via hl=...)

Settings & admin experience
– Settings page under the shared Kitgenix WP admin menu
– Live β€œtest widget” preview on the settings screen (renders when a Site Key is present)
– Site Key + Secret Key storage (secret not printed in HTML by default)
– β€œReveal secret key” (admins only, nonce-protected AJAX action)

Messaging & UX
– Custom error message (admin-configurable, used across integrations)
– Extra message text (optional text displayed alongside/under the widget)
– β€œDisable submit until completed” option (frontend behaviour via plugin JS)

Replay protection (enabled by default)
– Detects re-used tokens (hash stored in transients) and blocks replays
– TTL is filterable
– Stores hashed token markers under the transient prefix kitgenix_captcha_for_cloudflare_turnstile_ts_
– Sets a short-lived cookie (kitgenix_captcha_for_cloudflare_turnstile_ts_replay, ~120s) when replay is detected (for frontend behaviour/messages)
– Dedicated replay message (filterable)

Developer mode (warn-only)
– Verification failures do not block submissions
– Failures are logged (and emitted via a developer log action)
– Optional inline warning annotation for admins (frontend config)

Whitelisting (skip Turnstile + skip loading API script)
– Whitelist logged-in users
– Whitelist by IP (exact, wildcards, CIDR β€” including IPv6)
– Whitelist by User-Agent (substring or wildcard matching)
– Filter hook to override whitelist decision

Proxy / real-IP handling
– Optional trust of proxy headers (Cloudflare / X-Forwarded-For style)
– Trusted proxy IP list / trust controls
– Forwarded headers are only honoured when the request originates from a trusted proxy

Performance & resilience
– Conditional script loading only where needed
– Async/strategy-based script loading (depending on WP version)
– Adds resource hints (preconnect / dns-prefetch) for Turnstile domain
– Detects duplicate Turnstile API loaders (if another plugin/theme enqueues api.js):
– Stores detection in the transient kitgenix_turnstile_duplicate_scripts
– Shows admin notice on settings and Plugins screen
– Includes dismiss link (nonce-protected, uses kitgenix_captcha_for_cloudflare_turnstile_ts_dismiss_dupe=1)

Site Health + diagnostics
– Adds a Site Health test: β€œCloudflare Turnstile readiness”
– Checks:
– Keys present
– Duplicate API loader transient (kitgenix_turnstile_duplicate_scripts)
– Last verification success/failure snapshot
– Heuristic warning if common optimisation/caching plugins are active
– Stores the last verify outcome (success, time, error codes) for Site Health display
– Tracks privacy-safe counters in kitgenix_captcha_for_cloudflare_turnstile_metrics (checks total/passed/failed)

Manual placement (shortcode)

If you have a custom form or an unsupported plugin, you can manually render the widget:

[kitgenix_turnstile]

Shortcode output includes:
– a nonce field
– a hidden cf-turnstile-response input
– the widget container (with data-sitekey)
– support for passing arbitrary attributes via shortcode attributes

Many supported integrations also offer Shortcode-only mode (you place the shortcode where you want; the plugin validates server-side without auto-injection).

Quick Start

  1. Install and activate the plugin.
  2. Open the Turnstile settings under the Kitgenix hub in wp-admin.
  3. Add your Cloudflare Turnstile Site Key and Secret Key.
  4. Configure widget options (theme/size/appearance/language) and messaging if needed.
  5. Enable the integrations (and per-form toggles) you want.
  6. Save, then test the key user journeys: login, registration, checkout, and your main contact form.

Tip: Start with Developer mode (warn-only) on staging or during rollout. Once you’re satisfied, disable warn-only to enforce blocking.

Performance and caching notes (important for stores)

Turnstile is lightweight, but aggressive optimisation can break rendering or token freshness.

If you use caching/optimisation plugins:
– Allowlist https://challenges.cloudflare.com
– Avoid full-page caching on login/account/checkout pages
– Avoid combining/inlining the Turnstile loader
– Avoid heavily delaying Elementor/form plugin scripts
– Ensure outbound HTTP requests to Cloudflare are not blocked (needed for server-side verification)

Settings Overview

Main settings:
– Site Key
– Secret Key (with β€œsecret present” state, clear/reveal)
– Theme (auto/light/dark)
– Size (small/medium/large/normal/flexible)
– Appearance (Turnstile appearance option)
– Language (auto or specific locale)
– Disable submit until completed
– Custom error message
– Extra message text

Security & advanced:
– Replay protection (on/off)
– Developer mode (warn-only)
– Whitelist logged-in users
– Whitelist IPs (wildcards/CIDR, including IPv6)
– Whitelist user agents
– Proxy trust (enable/disable)
– Trusted proxy IPs / trust controls

Integrations (enable + per-form toggles where available):
– WordPress Core (login/register/lost password/reset password/standard comments)
– WooCommerce (checkout/product reviews/login/register/lost password)
– WooCommerce Blocks mode (auto vs shortcode-only)
– Easy Digital Downloads (checkout/login/register/profile)
– Contact Form 7
– WPForms
– Fluent Forms
– Formidable Forms
– Forminator
– Gravity Forms
– Jetpack Forms
– Kadence Forms
– Elementor Forms
– bbPress
– BuddyPress

Developers

Shortcode:
[kitgenix_turnstile]

Server-side verification endpoint:
https://challenges.cloudflare.com/turnstile/v0/siteverify

Filters (script/loading):
– kitgenix_captcha_for_cloudflare_turnstile_script_url( $url, $settings )
– kitgenix_turnstile_freshness_ms
– kitgenix_turnstile_inline_style

Filters (verification / request handling):
– kitgenix_turnstile_siteverify_url
– kitgenix_turnstile_siteverify_timeout
– kitgenix_turnstile_siteverify_sslverify
– kitgenix_turnstile_siteverify_http_args
– kitgenix_turnstile_send_remoteip
– kitgenix_turnstile_remote_ip
– kitgenix_turnstile_token_from_request
– kitgenix_turnstile_handle_comment_form
– kitgenix_turnstile_error_codes
– kitgenix_turnstile_error_message
– kitgenix_turnstile_replay_message
– kitgenix_captcha_for_cloudflare_turnstile_{context}_turnstile_error_message

Filters (replay protection):
– kitgenix_turnstile_replay_ttl

Filters (whitelist / proxy trust):
– kitgenix_turnstile_is_whitelisted( $is_whitelisted, $details )
– kitgenix_turnstile_trust_headers
– kitgenix_turnstile_trusted_proxies

Internal identifiers (options / transients / cookies / meta):
– Option: kitgenix_captcha_for_cloudflare_turnstile_settings
– Settings group (Settings API): kitgenix_captcha_for_cloudflare_turnstile_settings_group
– Option: kitgenix_captcha_for_cloudflare_turnstile_metrics
– Option: kitgenix_turnstile_last_verify
– Transient: kitgenix_captcha_for_cloudflare_turnstile_do_activation_redirect
– Transient: kitgenix_turnstile_duplicate_scripts
– Transient prefix (replay protection): kitgenix_captcha_for_cloudflare_turnstile_ts_
– Cookie (replay notice): kitgenix_captcha_for_cloudflare_turnstile_ts_replay
– WooCommerce order meta (Blocks/Store API verification): _kitgenix_turnstile_verified

Internal nonces / actions:
– Shortcode/form nonce field name: kitgenix_captcha_for_cloudflare_turnstile_nonce
– Shortcode/form nonce action: kitgenix_captcha_for_cloudflare_turnstile_action
– Settings save nonce field name: kitgenix_captcha_for_cloudflare_turnstile_settings_nonce
– Settings save nonce action: kitgenix_captcha_for_cloudflare_turnstile_settings_save
– Admin AJAX action (reveal saved secret): kitgenix_turnstile_get_secret (WordPress hook: wp_ajax_kitgenix_turnstile_get_secret)
– Admin AJAX nonce action (reveal saved secret): kitgenix_turnstile_reveal_secret
– Duplicate-loader notice dismiss query arg: kitgenix_captcha_for_cloudflare_turnstile_ts_dismiss_dupe
– Duplicate-loader notice dismiss nonce action: kitgenix_captcha_for_cloudflare_turnstile_ts_dismiss

Actions (developer logging):
– kitgenix_turnstile_dev_log

External Services

This plugin uses Cloudflare Turnstile to verify requests and prevent spam and abuse.

The plugin may:
– Load the Turnstile script:
https://challenges.cloudflare.com/turnstile/v0/api.js
– Submit verification requests server-side to:
https://challenges.cloudflare.com/turnstile/v0/siteverify

When verification is enabled, the plugin sends to Cloudflare:
– Your Turnstile secret key
– The Turnstile response token
– The visitor IP address (as the optional remoteip parameter, when enabled)

The plugin does not send the visitor’s browser user agent to Cloudflare as part of the verification payload (the HTTP request itself is made server-side by WordPress).

If proxy trust is enabled, the plugin may read forwarding headers (e.g. CF-Connecting-IP, X-Forwarded-For) to determine the client IP, but only when requests originate from configured trusted proxies.

The plugin does not add tracking cookies itself and does not sell or share personal data.

Cloudflare Turnstile Terms: https://developers.cloudflare.com/turnstile/
Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/

This plugin also includes a shared β€œKitgenix hub” component in wp-admin which may fetch publicly available plugin metadata from WordPress.org using the WordPress core plugins_api() function (WordPress.org Plugins API).

  • When it runs: only in wp-admin (Kitgenix plugin admin pages)
  • Data sent: plugin slug(s) (no personal data)
  • Data received: publicly available plugin information (e.g. active installs, ratings)
  • Caching: responses are cached locally using transients for ~1 day:
    • kitgenix_hub_wporg_active_installs_v1
    • kitgenix_hub_wporg_ratings_v1

Trademark Notice

β€œCloudflare” and the Cloudflare logo are trademarks of Cloudflare, Inc. This plugin is not affiliated with or endorsed by Cloudflare, Inc.

Support Development

If this plugin helps keep spam away without slowing your site down, you can support ongoing development here:
https://donate.stripe.com/9B65kDgG3fTQ2Kzcmwf7i00

Credits

Built with ❀︎ by @kitgenix – https://kitgenix.com

DomainExposuresHeadersLast Checked
b*t*e*s*e*c*d*y.com (WP 6.2.9) ⚠️ F 2026-07-09 13:33:19
j*r*n*m*c*b*e*a.com (WP 7.0) βœ… F 2026-07-09 11:51:40
c*a*t*o*a*r*c*.com (WP 6.6.1) βœ… F 2026-07-09 09:52:11
t*l*i*g*p*e*h.com (WP 6.2.9) ⚠️ F 2026-07-09 06:27:04
t*l.n*t.ua πŸ‘€ F 2026-07-09 05:58:19
e*d*c*b.com πŸ‘€ F 2026-07-09 01:01:42
b*a*h*i*i*s*o*k*l*b.org βœ… A 2026-07-08 23:02:29
s*n*a*o*i*a*o*k*u*i*c*u*.org βœ… A 2026-07-08 23:02:29
l*n*n*c*i*a.com βœ… F 2026-07-08 11:35:38
s*l*a*s*o*t.com βœ… C 2026-07-08 11:01:10
4*e*s*o*l*.com βœ… F 2026-07-08 02:16:42
s*a*o*r*i*e*l*u*c*.com (WP 6.9.4) βœ… F 2026-07-07 18:53:06
t*c*p*r*s.com (WP 7.0) ❌ πŸ‘€ F 2026-07-07 16:06:03
g*o*n*v*l*y.com βœ… D 2026-07-07 14:22:42
m*g*i*y*i*p*b.com πŸ”“ F 2026-07-07 08:39:21
t*r*a*s*n*m*r*.com βœ… F 2026-07-07 01:16:54
v*b*a*t*o*e*t.c*.uk βœ… F 2026-07-06 22:45:35
h*r*m*n*-*r*n*e*v*c*.de (WP 7.0) βœ… F 2026-07-06 22:44:05
r*i*n*t*.consulting (WP 7.0) πŸ‘€ D 2026-07-06 22:39:46
j*n*k*r*z.com βœ… A 2026-07-06 21:50:42
s*i*s*i*l*l*c.com βœ… C 2026-07-06 14:52:53
4*e*s*o*l*.eu βœ… F 2026-07-06 13:22:05
w*b*i*e*e*i*n*i.com (WP 7.0) πŸ‘€ D 2026-07-05 18:48:51
p*o*a*s*l.com βœ… D 2026-07-05 14:26:29
w*b*o*g*o*s.com πŸ‘€ D 2026-07-05 11:38:23
s*a*i*g*y*e*f*c*.com (WP 7.0) πŸ‘€ F 2026-07-05 11:17:57
e*o*r*e*b*l*v*a.com βœ… D 2026-07-05 11:05:16
b*e*v*n*.com πŸ“„ F 2026-07-05 11:01:05
b*c*e*t*i*s.com (WP 6.2.9) ⚠️ F 2026-07-05 05:56:37
b*c*e*b*x.com (WP 6.2.9) ⚠️ F 2026-07-05 05:48:33
c*a*u*a.com (WP 7.0) πŸ‘€ D 2026-07-04 21:51:31
c*n*e*e*c*s*i*s*n*e*i*n.com (WP 7.0) βœ… F 2026-07-04 18:59:13
c*n*e*e*c*s*p*l*e*-*e*i*n.com (WP 7.0) βœ… F 2026-07-04 18:56:16
c*n*e*e*c*c*a*h*n*.com (WP 6.2.9) ⚠️ F 2026-07-04 18:51:30
b*a*h*i*i*s*o*k*l*b.com βœ… A 2026-07-04 11:15:45
m*p*n*.com (WP 7.0) βœ… F 2026-07-04 04:54:45
t*n*e*t*e*l*.com (WP 7.0) πŸ‘€ B 2026-07-04 01:57:24
c*m*o*e*s*a*.com (WP 7.0) πŸ‘€ F 2026-07-04 01:32:28
v*r*u*s*.fr βœ… F 2026-07-04 01:18:04
s*l*c*w*l*n*s*.au (WP 7.0) πŸ‘€ F 2026-07-03 23:53:03
l*g*n*s*f*h*c*l*i*h*r*.com βœ… A 2026-07-03 23:26:16
e*g*e*o*m*n*u*a*i*n.com βœ… F 2026-07-03 18:10:02
e*m*s*s*l.com (WP 7.0) βœ… F 2026-07-03 14:41:45
m*z*k*c*f*o*a.pl (WP 7.0) πŸ‘€ F 2026-07-03 12:24:48
c*m*p*l*r*s.com πŸ‘€ F 2026-07-03 10:17:33
m*s*s*o*l*c*i*n*f*c*a*.com (WP 7.0) βœ… F 2026-07-03 10:10:52
g*t*a*r*e*i*a*o*e*.com (WP 7.0) βœ… B 2026-07-02 19:01:09
a*n*p*t*s*a*a.org (WP 6.9.4) βœ… F 2026-07-02 10:58:13
b*r*r*s*n*t*c*.com βœ… F 2026-07-02 02:00:28
b*r*o*o*n*r.com βœ… A 2026-07-02 01:42:18
g*e*n*t*e*t*e*v*c*s.com πŸ‘€ F 2026-07-02 01:09:37
d*3.mx (WP 7.0) βœ… F 2026-07-01 23:49:07
p*a*u*a*n*o*m*t*c*.it (WP 6.9.4) πŸ”“ πŸ‘€ F 2026-07-01 23:24:36
b*r*a*a*c*n*o*.com βœ… A 2026-07-01 22:56:36
b*r*a*a*n*t*o*.com βœ… A 2026-07-01 22:44:20
b*r*a*a*a*r*l*r*b*r*s.com βœ… A 2026-07-01 22:20:42
a*w*r*.com (WP 6.2.9) ⚠️ πŸ‘€ F 2026-07-01 18:04:30
j*c*u*t*e*p*b*i*a*i*n*.com βœ… A 2026-07-01 12:13:52
s*n*a*o*i*a*o*k*u*i*c*u*.com βœ… A 2026-07-01 05:31:05
m*d*g*s*a*v*s*t.com βœ… D 2026-07-01 02:38:46
p*t*i*k*a*l.com βœ… A 2026-06-30 23:24:26
m*-*a*p.com (WP 7.0) βœ… F 2026-06-30 22:23:19
c*t*y*u*z*r.com βœ… A 2026-06-30 16:03:53
c*t*e*i*e*r*a*l.com βœ… A 2026-06-30 14:44:53
p*l*s*d*p*o*u*t*o*s.com βœ… A 2026-06-30 14:16:56
g*e*s*a*t.com (WP 7.0) πŸ‘€ D 2026-06-30 11:12:34
c*s*a*d*a*a*a*.com (WP 7.0) βœ… F 2026-06-30 03:14:14
d*j*l*c*d*n*.com βœ… F 2026-06-30 02:20:32
b*u*s*y*l*a*a*.com βœ… F 2026-06-30 00:13:52
g*t*d*b*c*.es βœ… F 2026-06-21 19:37:16
o*9.gr (WP 7.0) πŸ‘€ F 2026-06-19 10:32:51
j*s*s*h*i*t.pictures πŸ‘€ F 2026-06-17 17:15:26
g*z*t*b*.ro πŸ”“ F 2026-06-16 12:25:56
a*i*p*c*f*c*c*a*b*r.com (WP 7.0) βœ… F 2026-06-15 11:37:09
p*w*r*n*s.plus βœ… F 2026-06-13 17:48:17
p*y*h*l*g*w*r*s*l*c.com (WP 6.9.4) πŸ‘€ F 2026-06-13 17:16:04
g*l*m*n*r*r*e*t*n*.com (WP 7.0) βœ… F 2026-06-13 16:42:51
a*i*p*c*f*c.cl (WP 7.0) βœ… F 2026-06-13 05:51:10
p*r*h*.no (WP 6.8.5) βœ… F 2026-06-11 11:08:48
p*i*t*o*r*e*o*y.c*.uk (WP 6.9.4) βœ… F 2026-06-10 07:54:29
m*s*c*n*e*t.c*.uk (WP 6.8.5) πŸ‘€ F 2026-06-07 23:15:06
m*y*t*k*l*a.com (WP 7.0) βœ… F 2026-06-06 22:22:04
m*i*l*m*c*o*k*.com πŸ‘€ F 2026-06-06 13:36:06
m*i*l*m*c*o*k.com βœ… F 2026-06-06 13:36:06
m*a*a*i*b*o*.com βœ… F 2026-06-06 11:31:04
f*r*e*b*l*v*a.com (WP 7.0) βœ… F 2026-06-06 10:29:00
t*e*o*s*i*v*c*l*s*.com βœ… F 2026-06-06 10:25:22
a*f*r*.org βœ… A 2026-06-06 00:36:28
t*e*i*l*s*s*e*s.com βœ… A 2026-06-05 15:38:05
m*e*e*-*a*e*.com βœ… F 2026-06-04 01:59:38
a*o*v*i*o*t.com (WP 7.0) βœ… F 2026-06-03 16:06:04
c*a*d*k*a*v*m*.com (WP 6.9.4) βœ… F 2026-06-03 07:10:58
m*s*e*i*t*r*i*w.com (WP 6.2.9) ⚠️ F 2026-06-03 07:02:19
f*a*e*h*.com βœ… D 2026-06-03 00:59:10
f*a*r*n*e*t*e*e.com βœ… D 2026-06-03 00:12:48
m*d*l*s*a*l*c.com βœ… A 2026-06-02 21:54:54
m*c*n*w*a*n*h.com (WP 6.9.4) βœ… F 2026-06-02 16:57:08
n*c*o*e*i*e*c*.com (WP 6.9.4) βœ… F 2026-06-02 04:36:28
s*l*y*a*e*m*.com βœ… A 2026-06-01 15:31:09
p*i*t*o*r*o*e*t*.com (WP 6.9.4) βœ… F 2026-06-01 07:23:28

Top 50 Plugins

Plugin Count
elementor 1,810,516
contact-form-7 1,799,344
elementor-pro 1,068,897
woocommerce 828,832
revslider 626,358
jetpack 470,836
js_composer 434,701
wp-rocket 343,674
essential-addons-for-elementor-lite 272,813
complianz-gdpr 268,074
gravityforms 261,067
cookie-law-info 237,046
instagram-feed 231,837
google-site-kit 230,144
sitepress-multilingual-cms 217,619
header-footer-elementor 213,640
google-analytics-for-wordpress 213,328
bluehost-wordpress-plugin 192,980
elementskit-lite 186,647
gutenberg 167,461
cookie-notice 156,268
gutenberg-core 152,794
litespeed-cache 139,267
wpforms-lite 130,810
gtranslate 128,889
the-events-calendar 126,976
astra-sites 120,340
popup-maker 114,515
woocommerce-payments 113,841
tablepress 103,883
honeypot 100,159
coblocks 98,761
astra-addon 96,634
wp-smushit 93,879
all-in-one-seo-pack 93,475
layerslider 92,727
duracelltomi-google-tag-manager 92,629
bb-plugin 88,397
premium-addons-for-elementor 87,342
akismet 86,889
cleantalk-spam-protect 85,100
mailchimp-for-wp 84,628
ml-slider 83,013
megamenu 82,658
woocommerce-gateway-stripe 82,107
fusion-builder 79,469
smart-slider-3 78,255
borlabs-cookie 77,874
ewww-image-optimizer 77,843
formidable 77,666

Top 50 Themes

Theme Count
hello-elementor 630,877
Divi 516,152
astra 429,649
flatsome 133,851
Avada 124,986
generatepress 119,447
pub 105,800
oceanwp 84,314
kadence 81,166
enfold 72,587
salient 67,309
twentyseventeen 56,139
twentytwentyfour 53,940
betheme 53,554
bb-theme 53,534
h4 52,635
blocksy 51,748
cocoon-master 51,216
dt-the7 46,872
twentytwentyfive 45,066
neve 39,715
Avada-Child-Theme 37,821
woodmart 36,976
gox 36,260
bridge 33,115
twentytwentyone 31,739
lightning 30,300
twentytwenty 29,744
swell 28,440
Impreza 26,787
bricks 26,556
Newspaper 24,630
twentytwentythree 23,482
twentytwentytwo 19,846
epik-redesign 19,722
uncode 19,279
twentysixteen 18,040
pro 17,817
sydney 17,113
storefront 16,895
Total 14,941
extendable 14,833
hello-theme-child-master 14,113
factory-templates-4 13,722
yith-wonder 13,409
themify-ultra 13,295
yootheme 13,082
hestia 12,981
porto 12,211
twentynineteen 12,029