外掛標籤
開發者團隊
② 後台搜尋「Crovly – Proof of Work Captcha & Spam Protection」→ 直接安裝(推薦)
原文外掛簡介
Crovly is a privacy-first captcha service powered by Proof of Work. Unlike traditional captchas that rely on image puzzles (easily solved by AI) or invasive tracking, Crovly makes the visitor’s browser do computational work to prove it’s not a bot.
How it works:
Your visitor’s browser solves a small cryptographic puzzle (Proof of Work)
Browser fingerprint and environment signals are collected (as a hash — no personal data stored)
Behavioral analysis detects automated patterns (mouse, keyboard, scroll)
A composite score determines if the visitor is human
Key features:
Privacy-friendly — No cookies, no cross-site tracking
No image puzzles — Invisible to legitimate users
Resistant to AI vision attacks — Proof of Work cannot be solved by image recognition
IP binding — Tokens are bound to the solver’s IP address
Adaptive difficulty — Suspicious visitors receive harder challenges
22+ integrations — Works with major WordPress form plugins
Lightweight — Widget is under 25KB gzipped, zero dependencies, 42 languages
Supported integrations:
WordPress login, registration, lost password, comments
WooCommerce (checkout, login, register, lost password, pay for order)
Contact Form 7
WPForms
Gravity Forms
Elementor Pro Forms
Ninja Forms
Fluent Forms
Formidable Forms
Forminator
Jetpack Contact Form
Divi (contact form, login)
BuddyPress (registration, activity)
bbPress (topics, replies)
Ultimate Member (login, register, password reset)
MemberPress (checkout, login)
Paid Memberships Pro
Easy Digital Downloads
Mailchimp for WordPress
GiveWP
wpDiscuz
wpForo
WordPress Multisite signup
Shortcode & PHP support:
Use [crovly] shortcode in any page or post, or call crovly_render() and crovly_verify() in your theme templates.
External services
This plugin relies on the Crovly captcha service to function. It connects to two external endpoints:
1. Crovly Widget CDN (get.crovly.com)
The plugin loads the JavaScript widget from https://get.crovly.com/widget.js on any page that contains a protected form. The widget runs Proof of Work in the visitor’s browser and collects a hashed browser fingerprint.
When: Loaded on frontend pages that display a protected form (login, register, comment, checkout, etc.)
What is sent: Standard HTTP request headers (IP address, user agent). No personal data.
Terms of Service: https://crovly.com/terms
Privacy Policy: https://crovly.com/privacy
2. Crovly Verification API (api.crovly.com)
When a visitor submits a protected form, the plugin sends the generated captcha token to https://api.crovly.com/verify-token for server-side verification.
When: On form submission of any form protected by Crovly.
What is sent: The captcha token (opaque string), the visitor’s IP address (for IP binding), and your Secret Key (for authentication).
What is received: A success/failure response indicating whether the token is valid.
Terms of Service: https://crovly.com/terms
Privacy Policy: https://crovly.com/privacy
Both services are operated by Crovly. No data is shared with third parties. The plugin does not set cookies or track visitors across sites.
