Select one or more tags, then press “Search Plugins”

Find Plugin with any / all of the selected criteria
Search Plugin

TrustSig Security Wordpress Plugin - Rating, Reviews, Demo & Download

TrustSig Security Wordpress Plugin - Rating, Reviews, Demo & Download
No ratings yet
Free
Follow for free plugins, new theme releases and theme news

Plugin Description

TrustSig provides non-interactive bot detection for WordPress. It injects the
TrustSig browser SDK, signs every rendered form with a per-site secret, and
verifies submissions against the TrustSig Edge service. Real visitors pass an
invisible check in about a second; scripted clients that never run JavaScript
are stopped.

When a request arrives without a valid token, TrustSig does not silently fail
open. Depending on the mode you choose it serves a lightweight “please wait”
interstitial that re-verifies the browser and then transparently continues the
original request — or blocks it.

The plugin works out of the box with no account and no API keys (anonymous
free tier). Connecting a TrustSig dashboard account is optional and only adds
analytics and higher limits.

Protection modes

  • Monitor — verify and log only, never block. Used for safe rollout; the
    upgrade path also pins existing sites here so behaviour never changes
    silently on update.
  • Challenge (default for new installs) — a missing or invalid token shows
    the interstitial, then continues or blocks.
  • Enforce — a missing or invalid token is blocked immediately.

What it protects

Browser forms are protected automatically with no code:

  • WordPress core — login, registration, comments, lost/reset password
  • WooCommerce — login, registration, checkout, pay order, lost password
  • BuddyPress — registration
  • Easy Digital Downloads — login, registration
  • Elementor Pro forms
  • Any other form (site-wide “protect all forms” option, the [trustsig_form]
    shortcode, or a hidden trustsig-response input)

It also includes optional brute-force lockout for repeated failed logins, an
opt-in admin-ajax / REST API guard, and a developer verification API.

For developers

  • PHP: trustsig_verify( array( 'token' => $t, 'action' => 'my_form' ) )
    returns pass | fail | challenge. Filters: trustsig_pre_verify,
    trustsig_result. Action: trustsig_blocked.
  • REST: POST /wp-json/trustsig/v1/verify with { "token": "..." }.

Known limitations

  • XML-RPC (xmlrpc.php) is intentionally out of scope and is not verified.
    Disable XML-RPC separately if it is unused on your site.
  • admin-ajax and the REST API are only protected when explicitly enabled in
    Settings, to avoid breaking third-party integrations.
  • File-upload and AJAX submissions cannot show the interstitial; under
    Challenge or Enforce mode a missing token on those is blocked, never
    silently allowed.

External services

This plugin relies on the TrustSig Edge service to decide whether a request
comes from a human or an automated client. This bot-detection verdict cannot be
produced locally, so the service is required for the plugin’s core
functionality.

Service provider: TrustSig — https://trustsig.eu

Remote script loaded in the browser:
https://edge.trustsig.eu/trustsig.js is loaded on pages that contain a
protected form, on the login screen, and on the verification interstitial. The
script runs the non-interactive browser check and produces a verification
token.

Data sent from the visitor’s browser / your server to
https://edge.trustsig.eu/verify:

  • the TrustSig verification token generated by the SDK in the visitor’s browser;
  • your site’s host name (e.g. example.com) on the anonymous free tier, or, if
    you connect a dashboard account, the secret key you entered;
  • as part of any HTTPS request, the visitor’s IP address and standard request
    metadata (such as the user-agent) are visible to the service.

When data is sent: when the SDK loads on a protected page, when a protected
form is submitted, and once per browser when the optional verified-session
cookie is bootstrapped.

Data stored locally on your site: TrustSig writes a verification log to
your own WordPress database (custom tables) that includes visitor IP addresses,
the action attempted, and the verdict. This data is not sent to TrustSig; you
can clear it at any time from Settings TrustSig Tools.

By installing and activating this plugin you (the site administrator) consent to
this data being sent to TrustSig so that requests can be verified. Inform your
own site’s visitors as required by your local privacy obligations.

  • Terms of Service: https://trustsig.eu/terms-of-service/
  • Privacy Policy: https://trustsig.eu/privacy

Screenshots

No screenshots provided

Similar Plugins:

Rating Widget: Post Rating, 5 Star Rating, Reviews, Thumbs Up & Down, Reaction Default ThumbnailReviews And Rating – Google Reviews Reviews Feed – Google Reviews & Yelp Reviews Plugin

Reviews & Comments