WordPress.org
Get WordPress
WordPress.org

Plugin Directory

Opportify Fraud Protection

Opportify Fraud Protection

By Opportify
Download

Description

Opportify Fraud Protection stops fake sign-ups, form spam, bot submissions, and fraudulent leads on every WordPress form — silently, in real time, without friction for real users.

Unlike CAPTCHA, which annoys genuine visitors, Opportify works invisibly in the background. It analyzes over 100 signals per submission — behavioral patterns, device fingerprints, email risk, IP reputation, VPN and proxy detection — and scores each one so you can automatically allow, flag, or block it.

Who This Is For

WordPress site owners and marketers tired of spam flooding their contact forms, fake leads cluttering their CRM, or bots registering fake accounts.

WooCommerce store owners who need to stop fraudulent checkouts, fake account registrations, and disposable email sign-ups before they cause damage.

Developers and agencies who want an API-backed, code-configurable fraud layer with per-integration control, risk metadata on entries, and support for version-controlled config files.

Security and operations teams who need explainable risk scores (not black-box verdicts) with per-submission breakdown of contributing factors.

Why Not Just Use CAPTCHA?

CAPTCHA hurts conversion rates for real users and is routinely bypassed by modern bots. Opportify takes a different approach: it observes behavioral signals before the form is even submitted, analyzes every signal simultaneously at the moment of submission, and delivers a risk verdict your site can act on — all in under a second, with no puzzles, no friction, and no false positives for legitimate visitors.

What It Detects

  • Disposable and temporary email addresses
  • High-risk and known-fraud email domains
  • VPN, proxy, Tor exit node, and datacenter IP addresses
  • Bot and automated browser behavior
  • Device fingerprint anomalies
  • Geographic and velocity anomalies
  • Mismatched or suspicious behavioral signals

Risk Levels

Every submission receives a score and one of five plain-language risk levels:

  • Lowest and Low — Healthy submissions. Genuine users, clean signals.
  • Medium — Caution. Worth a closer look, but not necessarily fraudulent.
  • High and Highest — Risky submissions. Likely spam, bots, or fraud. Block or flag automatically.

Per-Integration Actions

For each supported form plugin, you can independently configure what happens at each risk level:

  • Allow — Submission proceeds normally
  • Flag — Submission proceeds, but risk score, level, and contributing factors are saved as metadata (visible in WP Admin with a Risk column added to comments, users, and orders)
  • Block — Submission is rejected with a customizable error message

Supported Form Integrations

Supported Newsletter & CRM Integrations

Key Features

  • Real-time fraud and spam detection on every form submission
  • Client-side behavioral fingerprinting via the Opportify JS SDK (loads automatically, no configuration needed)
  • Server-side AI analysis via the Opportify Fraud Protection API
  • 5-level risk scoring with explainable contributing factors
  • Per-integration configuration — different rules for contact forms vs. registrations vs. checkouts
  • Reports dashboard with risk distribution charts, submission log, and health checklist
  • Risk metadata columns in WP Comments, Users, and WooCommerce Orders list tables
  • Config file support (opportify-config.php) for DevOps, Bedrock, Trellis, and staging pipelines
  • Skip admins option to avoid false positives during development and testing
  • Automatic log cleanup via WP-Cron (configurable retention, default 90 days)
  • Compatible with WP Rocket, LiteSpeed Cache, W3 Total Cache, Autoptimize, and other caching plugins
  • Translated into 10 languages: German, Spanish, French, Italian, Japanese, Dutch, Polish, Portuguese (Brazil), Russian, and Simplified Chinese

How It Works

  1. The Opportify JS SDK loads silently in your site header. It collects behavioral signals — mouse movement, keystroke timing, scroll depth, device entropy — and generates a session fingerprint.
  2. When a form is submitted, the SDK attaches a behavioral token to the submission automatically.
  3. The Opportify PHP SDK sends the submission to the Fraud Protection API for analysis: email risk, IP intelligence, device signals, behavioral correlation, and more.
  4. Based on your configured thresholds, the plugin allows, flags, or blocks the submission — instantly.

No CAPTCHA. No user friction. No separate configuration per form.

Reports Dashboard

The plugin’s Reports page gives you a clear view of your site’s submission health:

  • Health checklist — confirms your API keys, connection status, and active integrations at a glance
  • Risk distribution chart — donut chart showing the split between Healthy, Caution, and Risky submissions
  • Submissions by integration — bar chart showing which forms receive the most risk
  • Submission log — filterable table with date, integration, email, IP, score, risk level, action taken, and contributing factors
  • Dashboard link — access detailed trend analysis and advanced filters in the Opportify Dashboard

External Services

This plugin connects to two Opportify services:

  • Fraud Protection API (https://api.opportify.ai) — analyzes each submission server-side using your private API key. Data sent: email address, IP address, and behavioral signals from the JS SDK.
  • JS SDK CDN (https://cdn.opportify.ai) — loads the client-side behavioral telemetry script using your public key. The client-side behavioral telemetry script is an integral component of the Opportify fraud detection service: it collects behavioral signals (typing cadence, mouse movement, device entropy, automation indicators) that are correlated server-side with the fraud analysis. Loading it from the Opportify CDN is a service integration, not a decorative asset — the plugin automatically fetches the latest script version from the CDN manifest and injects it into your site header.

Please review Opportify’s Privacy Policy and Terms of Service before activating the plugin. By activating, you agree to the transmission of submission data to Opportify’s API for fraud analysis.

Support

For questions, feedback, or assistance, visit https://www.opportify.ai/contact-us.

Screenshots

  • Reports page — risk distribution charts, health checklist, and submission log
  • Settings page — General tab with API credentials and global protection settings
  • Settings page — Integrations tab with per-integration risk action configuration
  • Submission log — filterable table with risk level badges and contributing factor pills

Installation

  1. Upload the plugin folder to /wp-content/plugins/opportify-fraud-protection/ or install directly via Plugins Add New in your WordPress admin
  2. Activate the plugin through the Plugins screen
  3. Go to Opportify Settings and enter your Private API Key and Public Key
  4. Toggle Enable Protection on the General tab
  5. Enable the specific integrations you want to protect on the Integrations tab
  6. Click Test Connection to verify your API keys are working
  7. You are live — check Opportify Reports to see submissions as they come in

FAQ

Where do I get my API keys?

Start a free trial at app.opportify.ai to get your Private API Key and Public Key. No credit card required. The free trial provides full, real API access for fraud analysis — it is not a sandbox or demo environment. You can protect live form submissions immediately after activating your trial account.

Does this replace CAPTCHA?

Yes — it is designed to be a better alternative. Opportify analyzes over 100 signals per submission without presenting any challenge to the visitor. Real users see nothing. Bots and fake submissions are scored and blocked automatically based on your thresholds.

Will it slow down my site?

No. The JS SDK loads asynchronously from a global CDN and has no impact on page rendering. The server-side API call happens during form submission processing and completes in under a second for most submissions.

Does it work with caching plugins?

Yes. The plugin is compatible with WP Rocket, LiteSpeed Cache, W3 Total Cache, Autoptimize, and other major caching plugins. The JS SDK is loaded through the standard WordPress enqueue system, so it can be managed (excluded, deferred, or combined) by your caching plugin by handle (opportify-telemetry). Note: if you change your Public Key, clear your page cache afterwards.

What does “Flag” do?

When an action is set to Flag, the submission proceeds normally but Opportify stores the risk score, risk level, and contributing factors as metadata attached to the entry. For comments, this goes into comment meta; for users, into user meta; for WooCommerce orders, into order meta. A Risk column appears in the relevant WP Admin list tables so you can review flagged entries.

What is the difference between “Flag” and “Block”?

Flag lets the submission through but records the risk data for your review. Block rejects the submission entirely and shows the visitor your custom block message. Use Flag for Medium risk levels when you want to review manually, and Block for High and Highest when you are confident in rejecting.

Can I configure settings via a file instead of the UI?

Yes. Copy opportify-config-sample.php to your WordPress root as opportify-config.php. When this file is present, all settings are loaded from it and the WordPress admin UI becomes read-only. This is useful for DevOps workflows, Bedrock/Trellis setups, and multi-environment staging pipelines where you want settings version-controlled.

Does it work with page builders and popular form plugins?

Yes. Elementor Pro Forms, Ninja Forms, Gravity Forms, WPForms, Fluent Forms, Forminator, Formidable Forms, Contact Form 7, and Mailchimp for WordPress are all supported natively.

Is it GDPR and privacy compliant?

Data sent to the Opportify API consists of the email address, IP address, and behavioral signals from the JS SDK — the minimum required for fraud analysis. No personal data is stored by the plugin beyond the risk score and factors in your own WordPress database. Review Opportify’s Privacy Policy for full details.

What happens if the Opportify API is unavailable?

If the API returns an error or is unreachable, the plugin defaults to allowing the submission through. It never blocks submissions due to a service disruption.

Does it affect logged-in administrators?

Not by default. The Skip Admins option is enabled by default, which bypasses fraud checks for users with the manage_options capability. You can disable this in Settings if needed.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Opportify Fraud Protection” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Opportify Fraud Protection” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.0.1

  • Add WordPress.org plugin directory assets (icons and screenshots)

1.0.0

  • Initial release

Meta

Ratings

No reviews have been submitted yet.

Your review

See all reviews

Contributors

Support

Got something to say? Need help?

View support forum