RealNode Anti-Scalper

Description

RealNode Anti-Scalper protects WooCommerce stores against automated purchasing bots and inventory hoarding. It integrates hardware-level identity verification directly into the checkout flow.

When a customer clicks “Place Order”, RealNode requests a cryptographic proof from their device (TouchID, FaceID, or Windows Hello). This proof is generated inside the device’s secure enclave and validated server-side before the order is processed.

Three service tiers

  • RN Insight — Passive monitoring. Collects device signals without interrupting checkout.
  • RN Sentinel — Active protection. Biometric verification is required at checkout for every order.
  • RN Vault — Event-level control. Enforces per-user purchase quotas for high-demand ticket releases.

Key properties

  • No personal data collected — only anonymous hardware identifiers (IDH) are transmitted
  • No friction for real users — verification completes in under 1 second using native device biometrics
  • No performance impact — the SDK loads asynchronously and does not affect page speed
  • No server maintenance — fully managed SaaS infrastructure
  • Fail-open by design — if the RealNode service is unreachable, checkout proceeds normally

Requirements

  • An active RealNode account at realnode.emkaylabs.tech
  • WooCommerce 6.0 or later
  • Modern browsers with WebAuthn support (Chrome 67+, Firefox 60+, Safari 14+)

External services

This plugin communicates with the RealNode API to provide hardware-backed bot protection. Two endpoints are used:

  1. RealNode SDK (api.emkaylabs.tech): The plugin loads the RealNode JavaScript SDK on checkout pages to trigger the WebAuthn/FIDO2 verification prompt. Only anonymous hardware hashes (IDH) are transmitted — no personal data.
  2. RealNode Backend API (rn-v3-elite.onrender.com): The plugin makes a server-to-server call to validate the cryptographic token generated during checkout and enforce purchase quotas. Data sent includes the ticket quantity and the anonymous hardware hash (IDH).

This service is operated by EMKAY LABS.

  • Service page and legal information: https://realnode.emkaylabs.tech

Installation

  1. Upload the realnode-antiscalper folder to /wp-content/plugins/
  2. Activate the plugin through the Plugins menu in WordPress
  3. Go to Settings > RealNode Anti-Scalper
  4. Paste your pk_live_... Public API key and your sk_live_... Secret key
  5. Click Save Settings — protection is now active on your checkout

FAQ

Do I need to touch any code?

No. The plugin automatically injects the SDK on checkout and cart pages and protects the WooCommerce “Place Order” button without any coding required.

What happens to customers who don’t have a compatible device?

The plugin is fail-open by design. If a device does not support WebAuthn, verification is skipped and checkout proceeds normally. No legitimate customer is ever blocked.

Does this slow down my site?

No. The SDK loads only on cart and checkout pages, asynchronously, with no runtime dependencies. It has no effect on page speed for the rest of the site.

Is my customers’ biometric data sent to RealNode?

No. Biometric data never leaves the device. WebAuthn generates a cryptographic signature inside the device hardware. RealNode receives only an anonymous hash — never the fingerprint or face scan itself.

Is the Secret Key (sk_live_) safe in WordPress?

Yes. The Secret Key is stored as a WordPress option and is only used in server-side PHP calls via wp_remote_post(). It is never exposed to the browser or included in any JavaScript output.

Which WooCommerce checkout types are supported?

Both the classic shortcode checkout ([woocommerce_checkout]) and the modern block-based checkout are supported. The plugin uses multiple CSS selectors to locate the “Place Order” button across different themes.

What is the difference between Sentinel and Vault?

Sentinel requires biometric verification at every checkout. Vault adds a purchase quota per user per event — each user can only buy a set number of tickets, enforced by hardware attestation.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“RealNode Anti-Scalper” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.1.1

  • Updated external service URLs in readme.txt.
  • Updated event_id field description.

1.1.0

  • Added multi-tier support: RN Insight, RN Sentinel, RN Vault.
  • Added Secret Key (sk_live_) field for secure backend validation.
  • Added device_token field to backend /consume validation payload.
  • SDK injection restricted to cart and checkout pages only.
  • Added fail-open logic with 5-second timeout on backend API calls.
  • Added 30-second modal timeout with automatic fail-open fallback.

1.0.0

  • Initial release.
  • SDK injection with async loading.
  • WooCommerce “Place Order” button protection.
  • Settings page with API key and endpoint configuration.
  • Graceful fail-open on unsupported devices.