[WordPress] 外掛分享： CommVatar – Custom Avatars, Captcha & Comment Socialiser

外掛標籤

開發者團隊

原文外掛簡介

CommVatar – Custom Avatars, Captcha & Comment Socialiser transforms your WordPress comment section into a thriving social engagement hub. Go beyond the default comment system with custom avatars, activity feeds, gamification badges, and intelligent spam protection.
Core Features

Custom Avatar Uploads — Let users upload and crop their own comment avatars with an integrated image cropper
Comment History Hub — Users can view and navigate all their past comments from a single panel
Role-Based Gamification Badges — Automatic badges for Admins, Moderators, Post Authors, Top Commenters, Most Loved, and New Members
Reddit-Style Voting — Like/Dislike system with IP-based duplicate vote prevention
Top Commenters Widget — Sidebar widget showing your most active community members with medals
Community Moderation — Users can flag inappropriate comments for admin review
Rich Text Editor — Replace the plain textarea with a TinyMCE-powered comment editor
Image Attachments — Allow users to attach images to their comments with a lightbox viewer

Spam Defense Layer

6 CAPTCHA Providers — Math, Word, Google reCAPTCHA v2, reCAPTCHA v3, hCaptcha, Cloudflare Turnstile
Invisible Honeypot Traps — Catch bots without user interaction
Time-Based Traps — Detect suspiciously fast form submissions
AI-Powered NSFW Filter — Sightengine integration blocks explicit image uploads
AJAX-Driven CAPTCHAs — Bypass page caching for always-fresh challenges

WooCommerce Compatible
CAPTCHA protection extends to WooCommerce login, registration, and lost password forms.
Dashboard Analytics

Live spam interception feed with IP tracking
7-day engagement chart (comments vs spam)
Community moderation queue with one-click actions

Third-Party Services
This plugin connects to external third-party services under specific conditions. No data is sent to any external service unless the site administrator explicitly enables the feature and provides API keys. All connections use the WordPress HTTP API.
1. Sightengine — AI Image Moderation

What it does: Scans uploaded avatar and comment attachment images for NSFW, violent, or explicit content using AI models.
When it’s used: Only when the administrator enables “NSFW Image Filter” in plugin settings AND provides Sightengine API credentials.
Data sent: The uploaded image file (binary), API user ID, API secret key.
Service URL: https://api.sightengine.com/1.0/check.json
Provider: Sightengine
Terms of Service: https://sightengine.com/policies/terms
Privacy Policy: https://sightengine.com/policies/privacy

2. Google reCAPTCHA (v2 and v3)

What it does: Protects forms (comments, login, registration, lost password) from spam and abuse using Google’s reCAPTCHA challenge system.
When it’s used: Only when the administrator selects “reCAPTCHA v2” or “reCAPTCHA v3” as the CAPTCHA provider AND provides Google API keys.
Data sent: User interaction token, secret key, client IP address (sent server-side for verification).
Service URLs:

Widget: https://www.google.com/recaptcha/api.js
Verification: https://www.google.com/recaptcha/api/siteverify

Provider: Google
Terms of Service: https://policies.google.com/terms
Privacy Policy: https://policies.google.com/privacy

3. Cloudflare Turnstile

What it does: Provides a privacy-focused CAPTCHA alternative to protect forms from bots.
When it’s used: Only when the administrator selects “Turnstile” as the CAPTCHA provider AND provides Cloudflare API keys.
Data sent: User interaction token, secret key (sent server-side for verification).
Service URLs:

Widget: https://challenges.cloudflare.com/turnstile/v0/api.js
Verification: https://challenges.cloudflare.com/turnstile/v0/siteverify

Provider: Cloudflare
Terms of Service: https://www.cloudflare.com/terms/
Privacy Policy: https://www.cloudflare.com/privacypolicy/

4. hCaptcha

What it does: Provides a privacy-respecting CAPTCHA service to protect forms from automated abuse.
When it’s used: Only when the administrator selects “hCaptcha” as the CAPTCHA provider AND provides hCaptcha API keys.
Data sent: User interaction token, secret key (sent server-side for verification).
Service URLs:

Widget: https://hcaptcha.com/1/api.js
Verification: https://hcaptcha.com/siteverify

Provider: hCaptcha (Intuition Machines, Inc.)
Terms of Service: https://www.hcaptcha.com/terms
Privacy Policy: https://www.hcaptcha.com/privacy