Title: RealNode Anti-Scalper
Author: emkaylabs
Published: <strong>July 12, 2026</strong>
Last modified: July 12, 2026

---

Search plugins

![](https://s.w.org/plugins/geopattern-icon/realnode-anti-scalper.svg)

# RealNode Anti-Scalper

 By [emkaylabs](https://profiles.wordpress.org/emkaylabs/)

[Download](https://downloads.wordpress.org/plugin/realnode-anti-scalper.1.1.1.zip)

 * [Details](https://wordpress.org/plugins/realnode-anti-scalper/#description)
 * [Reviews](https://wordpress.org/plugins/realnode-anti-scalper/#reviews)
 *  [Installation](https://wordpress.org/plugins/realnode-anti-scalper/#installation)
 * [Development](https://wordpress.org/plugins/realnode-anti-scalper/#developers)

 [Support](https://wordpress.org/support/plugin/realnode-anti-scalper/)

## Description

RealNode Anti-Scalper protects WooCommerce stores against automated purchasing bots
and inventory hoarding. It integrates hardware-level identity verification directly
into the checkout flow.

When a customer clicks “Place Order”, RealNode requests a cryptographic proof from
their device (TouchID, FaceID, or Windows Hello). This proof is generated inside
the device’s secure enclave and validated server-side before the order is processed.

#### Three service tiers

 * **RN Insight** — Passive monitoring. Collects device signals without interrupting
   checkout.
 * **RN Sentinel** — Active protection. Biometric verification is required at checkout
   for every order.
 * **RN Vault** — Event-level control. Enforces per-user purchase quotas for high-
   demand ticket releases.

#### Key properties

 * **No personal data collected** — only anonymous hardware identifiers (IDH) are
   transmitted
 * **No friction for real users** — verification completes in under 1 second using
   native device biometrics
 * **No performance impact** — the SDK loads asynchronously and does not affect 
   page speed
 * **No server maintenance** — fully managed SaaS infrastructure
 * **Fail-open by design** — if the RealNode service is unreachable, checkout proceeds
   normally

#### Requirements

 * An active RealNode account at [realnode.emkaylabs.tech](https://realnode.emkaylabs.tech)
 * WooCommerce 6.0 or later
 * Modern browsers with WebAuthn support (Chrome 67+, Firefox 60+, Safari 14+)

### External services

This plugin communicates with the RealNode API to provide hardware-backed bot protection.
Two endpoints are used:

 1. **RealNode SDK (api.emkaylabs.tech):** The plugin loads the RealNode JavaScript
    SDK on checkout pages to trigger the WebAuthn/FIDO2 verification prompt. Only anonymous
    hardware hashes (IDH) are transmitted — no personal data.
 2. **RealNode Backend API (rn-v3-elite.onrender.com):** The plugin makes a server-
    to-server call to validate the cryptographic token generated during checkout and
    enforce purchase quotas. Data sent includes the ticket quantity and the anonymous
    hardware hash (IDH).

This service is operated by EMKAY LABS.

 * Service page and legal information: https://realnode.emkaylabs.tech

## Installation

 1. Upload the `realnode-antiscalper` folder to `/wp-content/plugins/`
 2. Activate the plugin through the **Plugins** menu in WordPress
 3. Go to **Settings > RealNode Anti-Scalper**
 4. Paste your `pk_live_...` Public API key and your `sk_live_...` Secret key
 5. Click **Save Settings** — protection is now active on your checkout

## FAQ

### Do I need to touch any code?

No. The plugin automatically injects the SDK on checkout and cart pages and protects
the WooCommerce “Place Order” button without any coding required.

### What happens to customers who don’t have a compatible device?

The plugin is fail-open by design. If a device does not support WebAuthn, verification
is skipped and checkout proceeds normally. No legitimate customer is ever blocked.

### Does this slow down my site?

No. The SDK loads only on cart and checkout pages, asynchronously, with no runtime
dependencies. It has no effect on page speed for the rest of the site.

### Is my customers’ biometric data sent to RealNode?

No. Biometric data never leaves the device. WebAuthn generates a cryptographic signature
inside the device hardware. RealNode receives only an anonymous hash — never the
fingerprint or face scan itself.

### Is the Secret Key (sk_live_) safe in WordPress?

Yes. The Secret Key is stored as a WordPress option and is only used in server-side
PHP calls via `wp_remote_post()`. It is never exposed to the browser or included
in any JavaScript output.

### Which WooCommerce checkout types are supported?

Both the classic shortcode checkout (`[woocommerce_checkout]`) and the modern block-
based checkout are supported. The plugin uses multiple CSS selectors to locate the“
Place Order” button across different themes.

### What is the difference between Sentinel and Vault?

Sentinel requires biometric verification at every checkout. Vault adds a purchase
quota per user per event — each user can only buy a set number of tickets, enforced
by hardware attestation.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“RealNode Anti-Scalper” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ emkaylabs ](https://profiles.wordpress.org/emkaylabs/)

[Translate “RealNode Anti-Scalper” into your language.](https://translate.wordpress.org/projects/wp-plugins/realnode-anti-scalper)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/realnode-anti-scalper/),
check out the [SVN repository](https://plugins.svn.wordpress.org/realnode-anti-scalper/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/realnode-anti-scalper/)
by [RSS](https://plugins.trac.wordpress.org/log/realnode-anti-scalper/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.1.1

 * Updated external service URLs in readme.txt.
 * Updated event_id field description.

#### 1.1.0

 * Added multi-tier support: RN Insight, RN Sentinel, RN Vault.
 * Added Secret Key (sk_live_) field for secure backend validation.
 * Added device_token field to backend /consume validation payload.
 * SDK injection restricted to cart and checkout pages only.
 * Added fail-open logic with 5-second timeout on backend API calls.
 * Added 30-second modal timeout with automatic fail-open fallback.

#### 1.0.0

 * Initial release.
 * SDK injection with async loading.
 * WooCommerce “Place Order” button protection.
 * Settings page with API key and endpoint configuration.
 * Graceful fail-open on unsupported devices.

## Meta

 *  Version **1.1.1**
 *  Last updated **13 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 5.8 or higher **
 *  Tested up to **7.0.1**
 *  PHP version ** 7.4 or higher **
 * Tags
 * [anti-bot](https://wordpress.org/plugins/tags/anti-bot/)[bot protection](https://wordpress.org/plugins/tags/bot-protection/)
   [captcha](https://wordpress.org/plugins/tags/captcha/)[checkout security](https://wordpress.org/plugins/tags/checkout-security/)
   [fraud prevention](https://wordpress.org/plugins/tags/fraud-prevention/)
 *  [Advanced View](https://wordpress.org/plugins/realnode-anti-scalper/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/realnode-anti-scalper/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/realnode-anti-scalper/reviews/)

## Contributors

 *   [ emkaylabs ](https://profiles.wordpress.org/emkaylabs/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/realnode-anti-scalper/)