My WordPress site runs Contact Form 7 and spam is creeping in. I want the form protected with Cloudflare Turnstile (I’m open to Altcha if there’s a strong reason), fully integrated so the user experience stays smooth and the styling matches the current theme. At the same time, one of my domain-based mailboxes was recently compromised. The account is hosted on HostGator and accessed through Roundcube webmail. I have already changed the password, but delivery is still unreliable and I’m concerned that DNS or authentication records (SPF, DKIM, DMARC) may have been altered during the breach. I need the mailbox reinstated to normal operation and any lingering security loopholes closed. Acceptance criteria • Contact Form 7 submits only when Turnstile validation passes and no spam slips through during testing. • Mailbox sends and receives reliably in Roundcube and external clients; SPF, DKIM, and DMARC all pass checks on mxtoolbox or similar. • A short summary of the steps taken and any credentials or API keys I need to keep on file.