外掛標籤
開發者團隊
原文外掛簡介
Bots do not need to break into your site to cost you time. They can hammer login pages, flood comment forms, and push junk through public forms until your inbox, moderation queue, or customer workflow becomes noisy.
ProofShield adds a practical protection layer at the places where automated abuse usually enters a WordPress site: login, comments, and forms. It uses self-hosted browser proof-of-work, hidden bot traps, replay protection, and clear admin visibility so you can reduce automated submissions without adding an external CAPTCHA service for core protection.
Why ProofShield?
Protect the entry points bots actually hit: WordPress login, comments, and selected forms.
Keep core protection local: no external API key is required for the proof-of-work challenge.
Stay usable for real visitors: the browser creates the proof quietly in the background.
See what happened: the statistics view shows allowed and blocked events by context.
Tune the level: choose relaxed, balanced, or strict behavior for your site.
Keep privacy decisions visible: optional location statistics can be disabled.
What the free plugin protects
WordPress login forms.
WordPress comment forms.
Generic HTML forms selected by CSS selector.
Frontend forms that can carry normal hidden fields.
Basic security statistics and recent event context.
Optional anonymized location statistics for blocked activity.
How it works
When a protected form is used, ProofShield asks the browser to create a small local proof before the request is accepted. Bots that skip JavaScript, reuse old tokens, submit too quickly, or miss the hidden ProofShield fields are blocked before the protected action is processed.
For real visitors, the status card is short and clear. For site owners, the admin area shows which protection areas are active and what ProofShield has seen recently.
Privacy-first by default
Core protection works locally and does not require an external API key.
The WordPress.org free plugin does not require account registration to run core features.
Location statistics are optional and can be disabled.
For location statistics, only anonymized IP ranges are stored.
Security/statistics events are retained for up to 30 days and deleted automatically.
WordPress personal data tools are supported for relevant ProofShield settings workflows.
Optional world map view can be disabled and is rendered locally in wp-admin.
Need more later?
ProofShield is built so you can start with local core protection and upgrade only if your site needs deeper integrations. An optional separate Pro plugin, sold outside WordPress.org, adds advanced form integrations, WooCommerce login protection, dynamic form support, configured AJAX/REST endpoint protection, and Secure+ risk scoring.
The free WordPress.org plugin remains useful on its own: login, comments, generic forms, local proof-of-work, and basic statistics are included.
External services
ProofShield can use external Geo-IP services for optional location statistics in the admin statistics view.
When location statistics are enabled and the plugin needs approximate country/latitude/longitude data for a blocked IP address, it sends the visitor IP address to one of these services:
ipapi.co by Kloudend, used to look up approximate country and coordinates for blocked-IP statistics.
Privacy policy: https://ipapi.co/privacy/
Terms: https://ipapi.co/terms/
ipwho.is (service provided by ipwhois.io), used as a fallback to look up approximate country and coordinates for blocked-IP statistics.
Privacy policy: https://ipwhois.io/privacy
Terms: https://ipwhois.io/terms
No separate account is required to use this optional feature.
Core ProofShield protection (login, comments, and form protection) works locally and does not require these external services.
Third-party assets
ProofShield bundles a local world map dataset for the optional statistics map in wp-admin.
world-atlas by Mike Bostock, used as a bundled TopoJSON redistribution for the local world map rendering.
Package: https://www.npmjs.com/package/world-atlas
License: ISC
Bundled files used by ProofShield: assets/data/countries-110m.json, assets/data/land-110m.json
The bundled map geometry in assets/data/countries-110m.json and assets/data/land-110m.json is based on Natural Earth public domain map data.
Source: https://www.naturalearthdata.com/
Terms of use: https://www.naturalearthdata.com/about/terms-of-use/
world-countries-centroids by Gavin Rehkemper, used as a bundled centroid dataset so country markers can be placed near the center of each country on the local map.
Source: https://github.com/gavinr/world-countries-centroids
License: MIT
Bundled file used by ProofShield: assets/data/country-centroids.csv
The bundled world map is rendered locally in the browser and does not contact any external map service.
