{"id":303274,"date":"2026-05-07T14:27:10","date_gmt":"2026-05-07T14:27:10","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/sos-anti-spam-privacy-first-spam-protection\/"},"modified":"2026-05-07T14:26:50","modified_gmt":"2026-05-07T14:26:50","slug":"sos-captcha","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/sos-captcha\/","author":10498473,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.71","stable_tag":"1.0.71","tested":"6.9.4","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"SOS Captcha \u2014 Privacy-First Spam Protection","header_author":"Nicolas LESCURE \/ RadicalSolution","header_description":"Intelligent slider validation system to protect your forms and comments from spam","assets_banners_color":"8d85d2","last_updated":"2026-05-07 14:26:50","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/sos-captcha.com","header_author_uri":"https:\/\/radicalsolution.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":26,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.71":{"tag":"1.0.71","author":"solariane","date":"2026-05-07 14:26:50"}},"upgrade_notice":{"1.0.71":"<p>Pro honeypot and browser-fingerprint features now actually work end-to-end. Pair with Pro 1.0.10.<\/p>","1.0.70":"<p><strong>Critical:<\/strong> fixes slider validation silently failing at the last checkpoint. Pair with 1.0.69. Update immediately.<\/p>","1.0.69":"<p><strong>Critical:<\/strong> fixes the slider challenge not loading on protected forms (admin-ajax 400). Update immediately \u2014 without it, no form on the site is actually being protected.<\/p>","1.0.68":"<p>WP.org Plugin Check compliance pass \u2014 escaping, translators comment, load_plugin_textdomain removal.<\/p>","1.0.67":"<p>Fixes Pro integration toggles silently failing to save. Recommended.<\/p>","1.0.66":"<p>Translation refresh. Pair with Pro 1.0.8.<\/p>","1.0.65":"<p>Critical: fixes silent save failures on Settings\/Integrations and a fatal error on the Compare-plans page. Update strongly recommended.<\/p>","1.0.64":"<p>Pro integration cards now visible (locked) without installing Pro. Color presets restored. Recommended.<\/p>","1.0.63":"<p>Settings page now shows Pro features as locked previews instead of hiding them. Statistics gets a locked menu entry. Recommended.<\/p>","1.0.61":"<p>Compare-plans page rebuilt with proper 4-tier pricing and full translations restored. Recommended.<\/p>","1.0.60":"<p>Fixes admin translations on manually-uploaded installs and adds a &quot;Pro&quot; lock badge on premium integrations. Recommended.<\/p>","1.0.59":"<p>Fix: admin JS file renamed to match the prefixed enqueue path \u2014 clears a 404 in the admin console.<\/p>","1.0.57":"<p>Critical fix: 1.0.56 caused a fatal error on activation due to mismatched class file names. Update strongly recommended.<\/p>","1.0.56":"<p>Form-traveling input names are now prefixed (<code>soscaptcha_*<\/code>) to avoid collisions with other plugins. Auto-applied; no action needed.<\/p>","1.0.55":"<p>CSS classes and script handles are now prefixed <code>soscaptcha-<\/code> for WordPress.org compliance. Visual rendering unchanged.<\/p>","1.0.54":"<p>PHP class\/function prefix is now <code>SOSCAPTCHA_<\/code> \/ <code>soscaptcha_<\/code> per WordPress.org guidelines. No functional change for visitors.<\/p>","1.0.53":"<p>Plugin split into a free build and an optional companion plugin (sos-captcha-pro) loaded via filter\/action hooks. Existing free settings preserved.<\/p>","1.0.52":"<p>Source assets in the free ZIP are stripped of dev comments. No functional change.<\/p>","1.0.51":"<p>WordPress.org compliance pass: source code visibility, trialware removal, AJAX nonce check. No functional change for existing users.<\/p>","1.0.50":"<p>Rebrand to &quot;SOS Captcha&quot; with new slug. New installs from WordPress.org will use sos-captcha as the directory and text-domain.<\/p>","1.0.49":"<p>WordPress.org compliance pass. AJAX actions are now prefixed with sos_; no functional change for visitors.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3525644,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3525644,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3525644,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3525644,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.71"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3525644,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3525644,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3525644,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3525644,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3525644,"resolution":"5","location":"assets","locale":""},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3525644,"resolution":"6","location":"assets","locale":""},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3525644,"resolution":"7","location":"assets","locale":""}},"screenshots":{"1":"Interactive slider challenge \u2014 login protection","2":"Interactive slider challenge \u2014 account protection","3":"Interactive slider challenge \u2014 comment protection","4":"Contact Form 7 integration example","5":"Many Integrations available","6":"Customizable colors to match your brand","7":"avoid unnecessary challenges"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2656,262186,358,396,239424],"plugin_category":[54],"plugin_contributors":[262187],"plugin_business_model":[],"class_list":["post-303274","plugin","type-plugin","status-publish","hentry","plugin_tags-anti-spam","plugin_tags-captcha-alternative","plugin_tags-contact-form","plugin_tags-privacy","plugin_tags-recaptcha-alternative","plugin_category-security-and-spam-protection","plugin_contributors-solariane","plugin_committers-solariane"],"banners":{"banner":"https:\/\/ps.w.org\/sos-captcha\/assets\/banner-772x250.png?rev=3525644","banner_2x":"https:\/\/ps.w.org\/sos-captcha\/assets\/banner-1544x500.png?rev=3525644","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/sos-captcha\/assets\/icon-128x128.png?rev=3525644","icon_2x":"https:\/\/ps.w.org\/sos-captcha\/assets\/icon-256x256.png?rev=3525644","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/sos-captcha\/assets\/screenshot-1.png?rev=3525644","caption":"Interactive slider challenge \u2014 login protection"},{"src":"https:\/\/ps.w.org\/sos-captcha\/assets\/screenshot-2.png?rev=3525644","caption":"Interactive slider challenge \u2014 account protection"},{"src":"https:\/\/ps.w.org\/sos-captcha\/assets\/screenshot-3.png?rev=3525644","caption":"Interactive slider challenge \u2014 comment protection"},{"src":"https:\/\/ps.w.org\/sos-captcha\/assets\/screenshot-4.png?rev=3525644","caption":"Contact Form 7 integration example"},{"src":"https:\/\/ps.w.org\/sos-captcha\/assets\/screenshot-5.png?rev=3525644","caption":"Many Integrations available"},{"src":"https:\/\/ps.w.org\/sos-captcha\/assets\/screenshot-6.png?rev=3525644","caption":"Customizable colors to match your brand"},{"src":"https:\/\/ps.w.org\/sos-captcha\/assets\/screenshot-7.png?rev=3525644","caption":"avoid unnecessary challenges"}],"raw_content":"<!--section=description-->\n<p><strong>Stop spam without collecting visitor data.<\/strong><\/p>\n\n<p>SOS Captcha protects your WordPress forms with an interactive slider challenge. Visitors drag a handle along a track to prove they are human. The plugin runs entirely on your own server \u2014 no tracking, no cookies, no external services.<\/p>\n\n<h3>Privacy by design<\/h3>\n\n<ul>\n<li>No tracking pixels or analytics<\/li>\n<li>No cookies stored<\/li>\n<li>No data sent to external services<\/li>\n<li>GDPR, CCPA, and ePrivacy friendly<\/li>\n<li>All validation happens on your server<\/li>\n<\/ul>\n\n<h3>Visitor-friendly slider<\/h3>\n\n<ul>\n<li>Touch-friendly interaction works on mobile<\/li>\n<li>Most visitors complete it in a few seconds<\/li>\n<li>Smooth animation on success<\/li>\n<\/ul>\n\n<h3>How the protection works<\/h3>\n\n<ul>\n<li>Unique cryptographic tokens per session<\/li>\n<li>Random checkpoint positions (up to 8 in Free, 15 in Premium)<\/li>\n<li>Server-side timing validation<\/li>\n<li>Rate limiting (configurable, 60s default)<\/li>\n<li>Behavioral analysis (Premium)<\/li>\n<li>Honeypot fields and browser fingerprinting (Premium)<\/li>\n<\/ul>\n\n<h3>Form integrations<\/h3>\n\n<ul>\n<li>Contact Form 7 (Free)<\/li>\n<li>WordPress Comments (Free)<\/li>\n<li>WPForms (Premium)<\/li>\n<li>Gravity Forms (Premium)<\/li>\n<li>Ninja Forms (Premium)<\/li>\n<li>WooCommerce checkout, registration &amp; reviews (Premium)<\/li>\n<\/ul>\n\n<h3>Authentication form protection (Premium)<\/h3>\n\n<ul>\n<li>WordPress login form (<code>wp-login.php<\/code>) \u2014 protect against brute-force attacks<\/li>\n<li>User registration form \u2014 prevent bot-generated accounts<\/li>\n<li>Lost-password form \u2014 block password-reset email spam<\/li>\n<\/ul>\n\n<h3>How it works<\/h3>\n\n<p>SOS presents a slider with randomly positioned checkpoints. Visitors slide a cursor along the track to activate each checkpoint in sequence. Each session generates unique cryptographic tokens with millions of possible combinations and server-side timing validation. Premium plans add behavioral analysis on top.<\/p>\n\n<h3>Free vs Premium<\/h3>\n\n<p><strong>Free version includes:<\/strong><\/p>\n\n<ul>\n<li>Unlimited forms and submissions<\/li>\n<li>Contact Form 7 integration<\/li>\n<li>WordPress comments protection<\/li>\n<li>Customizable appearance (colors, text)<\/li>\n<li>Up to 8 checkpoints per challenge<\/li>\n<li>Full GDPR compliance<\/li>\n<li>Community support<\/li>\n<\/ul>\n\n<p><strong>Premium features:<\/strong><\/p>\n\n<ul>\n<li>WPForms, Gravity Forms, Ninja Forms integrations<\/li>\n<li>WooCommerce protection (checkout, registration, reviews)<\/li>\n<li>WordPress login, registration, and lost-password protection<\/li>\n<li>Advanced behavioral detection<\/li>\n<li>Browser fingerprinting<\/li>\n<li>Honeypot fields<\/li>\n<li>Local statistics dashboard (privacy-first, no data leaves your server)<\/li>\n<li>Priority email support<\/li>\n<li>White-label (remove badge)<\/li>\n<li>Up to 15 checkpoints per challenge<\/li>\n<\/ul>\n\n<p><a href=\"https:\/\/sos-captcha.com\/#pricing\">Upgrade to Premium<\/a> \u2014 from \u20ac4.99\/month or \u20ac47\/year.<\/p>\n\n<h3>Technical Highlights<\/h3>\n\n<ul>\n<li><strong>Cryptographic security:<\/strong> Unique tokens per session with server-side validation<\/li>\n<li><strong>No database bloat:<\/strong> Uses WordPress transients (auto-cleanup)<\/li>\n<li><strong>Lightweight:<\/strong> Under 20KB total assets<\/li>\n<li><strong>Performance:<\/strong> Cached responses, minimal server load<\/li>\n<li><strong>Developer-friendly:<\/strong> Hooks and filters for customization<\/li>\n<li><strong>Translation-ready:<\/strong> 10 languages included (EN, FR, DE, ES, IT, PT-BR, AR, JA, ZH, HI)<\/li>\n<\/ul>\n\n<h3>Compliance<\/h3>\n\n<ul>\n<li>GDPR Article 25 (Privacy by Design)<\/li>\n<li>CCPA compliant (no personal data collection)<\/li>\n<li>ePrivacy Directive compliant (no cookies)<\/li>\n<\/ul>\n\n<h3>Support &amp; Documentation<\/h3>\n\n<ul>\n<li>Documentation at https:\/\/sos-captcha.com<\/li>\n<li>Community forum (Free)<\/li>\n<li>Email support (Premium)<\/li>\n<li>French and English support<\/li>\n<\/ul>\n\n<h3>Source Code<\/h3>\n\n<p>The plugin ZIP ships both the human-readable source (<code>assets\/challenge-slider.js<\/code>, <code>admin\/js\/sos-admin.js<\/code>, <code>assets\/*.css<\/code>, <code>admin\/css\/*.css<\/code>) and the minified production builds (<code>.min.js<\/code>, <code>.min.css<\/code>). WordPress loads the minified versions in production and the source versions when <code>SCRIPT_DEBUG<\/code> is enabled (<code>define('SCRIPT_DEBUG', true)<\/code> in <code>wp-config.php<\/code>).<\/p>\n\n<h3>Privacy Policy<\/h3>\n\n<p>SOS Captcha is designed with privacy at its core:<\/p>\n\n<p><strong>Data collection:<\/strong> None. We don't collect, store, or transmit any personal data to external servers.<\/p>\n\n<p><strong>Cookies:<\/strong> None. The plugin sets no cookies.<\/p>\n\n<p><strong>External services:<\/strong> None. All processing happens on your WordPress server.<\/p>\n\n<p><strong>IP addresses:<\/strong> Not stored. Rate limiting uses transient hashes that auto-expire.<\/p>\n\n<p><strong>Statistics (Premium):<\/strong> Stored locally on your server only. Aggregated counters (blocked spam, form types) with no personally identifiable information.<\/p>\n\n<p><strong>Licensing (Premium only):<\/strong> When you activate a Premium license, your site URL and license key are sent to https:\/\/sos-captcha.com to validate the license. No user data is transmitted.<\/p>\n\n<h3>Hooks for Developers<\/h3>\n\n<ul>\n<li><code>sos_before_validation<\/code> \u2014 Modify validation parameters<\/li>\n<li><code>sos_challenge_created<\/code> \u2014 React to new challenges<\/li>\n<li><code>sos_spam_blocked<\/code> \u2014 Trigger actions when spam is blocked<\/li>\n<li><code>sos_should_show_badge<\/code> \u2014 Control badge visibility<\/li>\n<\/ul>\n\n<!--section=installation-->\n<h3>Automatic Installation<\/h3>\n\n<ol>\n<li>Go to Plugins \u2192 Add New<\/li>\n<li>Search for \"SOS Captcha\"<\/li>\n<li>Click \"Install Now\" and then \"Activate\"<\/li>\n<li>Go to Settings \u2192 SOS Captcha to configure<\/li>\n<\/ol>\n\n<h3>Manual Installation<\/h3>\n\n<ol>\n<li>Download the plugin ZIP file<\/li>\n<li>Go to Plugins \u2192 Add New \u2192 Upload Plugin<\/li>\n<li>Choose the ZIP file and click \"Install Now\"<\/li>\n<li>Activate the plugin<\/li>\n<li>Go to Settings \u2192 SOS Captcha to configure<\/li>\n<\/ol>\n\n<h3>Configuration<\/h3>\n\n<ol>\n<li>Enable protection for your desired forms (Contact Form 7, Comments, etc.)<\/li>\n<li>Adjust the number of checkpoints (default: 6; 2\u20138 allowed in Free, up to 15 in Premium)<\/li>\n<li>Customize colors to match your site's branding<\/li>\n<li>Test on a staging environment first<\/li>\n<li>Deploy to production<\/li>\n<\/ol>\n\n<p>The plugin works out-of-the-box with default settings optimized for most sites.<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"is%20this%20really%20gdpr%20compliant%3F\"><h3>Is this really GDPR compliant?<\/h3><\/dt>\n<dd><p>Yes. SOS Captcha:<\/p>\n\n<ul>\n<li>Collects no personal data<\/li>\n<li>Sets no cookies<\/li>\n<li>Doesn't track users<\/li>\n<li>Processes everything on your server<\/li>\n<li>Requires no consent banner<\/li>\n<\/ul><\/dd>\n<dt id=\"does%20it%20require%20javascript%3F\"><h3>Does it require JavaScript?<\/h3><\/dt>\n<dd><p>Yes \u2014 the interactive slider requires JavaScript to work. If JavaScript is disabled, the form submission is blocked to protect against simple bots. For visitors without JavaScript, we recommend keeping a secondary spam protection layer.<\/p><\/dd>\n<dt id=\"will%20this%20slow%20down%20my%20site%3F\"><h3>Will this slow down my site?<\/h3><\/dt>\n<dd><p>No. The plugin adds less than 20KB of assets and uses efficient server-side processing. Operations use WordPress transients which auto-expire. There are no external API calls.<\/p><\/dd>\n<dt id=\"can%20sophisticated%20bots%20defeat%20this%3F\"><h3>Can sophisticated bots defeat this?<\/h3><\/dt>\n<dd><p>No anti-spam solution is 100% perfect, but SOS makes automation difficult:<\/p>\n\n<ul>\n<li>Millions of possible checkpoint combinations<\/li>\n<li>Randomized positioning per session<\/li>\n<li>Server-side timing validation (too fast = rejected)<\/li>\n<li>Behavioral analysis (Premium)<\/li>\n<li>No single pattern to exploit<\/li>\n<\/ul><\/dd>\n<dt id=\"does%20it%20work%20on%20mobile%20devices%3F\"><h3>Does it work on mobile devices?<\/h3><\/dt>\n<dd><p>Yes. The slider is optimized for touch interfaces with visual feedback. Touch offset correction ensures accurate control even on small screens. Tested on iOS, Android, and tablets.<\/p><\/dd>\n<dt id=\"can%20i%20use%20it%20with%20contact%20form%207%3F\"><h3>Can I use it with Contact Form 7?<\/h3><\/dt>\n<dd><p>Yes, Contact Form 7 is fully supported in the free version. Enable it in Settings \u2192 SOS Captcha \u2192 Integrations.<\/p><\/dd>\n<dt id=\"what%20about%20wpforms%2Fgravity%20forms%2Fninja%20forms%3F\"><h3>What about WPForms\/Gravity Forms\/Ninja Forms?<\/h3><\/dt>\n<dd><p>These are supported in the Premium version.<\/p><\/dd>\n<dt id=\"can%20it%20protect%20my%20wordpress%20login%20and%20registration%20pages%3F\"><h3>Can it protect my WordPress login and registration pages?<\/h3><\/dt>\n<dd><p>Yes, in the Premium version. SOS can protect:<\/p>\n\n<ul>\n<li><code>wp-login.php<\/code> \u2014 blocks brute-force login attacks<\/li>\n<li>User registration form \u2014 prevents bot-generated accounts<\/li>\n<li>Lost-password form \u2014 stops password-reset email spam<\/li>\n<\/ul>\n\n<p>Enable these under Settings \u2192 SOS Captcha \u2192 Integrations.<\/p><\/dd>\n<dt id=\"can%20i%20customize%20the%20appearance%3F\"><h3>Can I customize the appearance?<\/h3><\/dt>\n<dd><p>Yes. You can customize:<\/p>\n\n<ul>\n<li>Gradient colors (start, middle, end)<\/li>\n<li>Label text<\/li>\n<li>Help text<\/li>\n<li>Verified text<\/li>\n<li>All text is translatable<\/li>\n<\/ul>\n\n<p>Premium users can also remove the badge for a fully white-label look.<\/p><\/dd>\n<dt id=\"is%20there%20a%20limit%20on%20submissions%3F\"><h3>Is there a limit on submissions?<\/h3><\/dt>\n<dd><p>No limits on either version. Protect unlimited forms with unlimited submissions.<\/p><\/dd>\n<dt id=\"what%20happens%20if%20a%20legitimate%20user%20fails%20the%20challenge%3F\"><h3>What happens if a legitimate user fails the challenge?<\/h3><\/dt>\n<dd><p>The challenge is designed to be easy for humans. If someone fails, they can simply try again. A rate limit (default 60s) prevents brute-force attempts.<\/p><\/dd>\n<dt id=\"can%20i%20see%20spam%20statistics%3F\"><h3>Can I see spam statistics?<\/h3><\/dt>\n<dd><p>Yes, in the Premium version. The local statistics dashboard shows blocked submissions, success\/failure rates, and per-form breakdowns. All stats are stored on your server \u2014 nothing is sent externally.<\/p><\/dd>\n<dt id=\"do%20you%20offer%20refunds%3F\"><h3>Do you offer refunds?<\/h3><\/dt>\n<dd><p>EU customers have a 14-day statutory right of withdrawal on Premium subscriptions. After that, subscriptions can be cancelled at any time and remain active until the end of the current billing period.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.71 - 2026-05-06<\/h4>\n\n<ul>\n<li>New helper <code>SOSCAPTCHA_Generator::pro_extra_fields()<\/code> \/ <code>pro_extra_fields_html()<\/code> \u2014 single source of truth for the Pro honeypot + browser-fingerprint hidden inputs that integrations need to render. Each of the 9 integration adapters (CF7, Comments, WPForms, Gravity Forms, Ninja Forms, WooCommerce reviews\/checkout\/registration, WP login\/register\/lost-password) now emits these fields when their toggles are on<\/li>\n<li>Slider JS now computes a base64-encoded JSON fingerprint (<code>{ ua, lang, tz, screen }<\/code>) on slider init and writes it into the hidden input \u2014 paired with Pro 1.0.10's rewritten validator that checks the claimed UA matches <code>$_SERVER['HTTP_USER_AGENT']<\/code> to detect automation toolkits<\/li>\n<\/ul>\n\n<h4>1.0.70 - 2026-05-06<\/h4>\n\n<ul>\n<li><strong>Critical: slider validation failed on the last checkpoint.<\/strong> The \"next checkpoint highlight\" code in <code>assets\/challenge-slider.js<\/code> ran <code>checkpointDots[lastCheckpoint + 1].style.borderColor = \u2026<\/code> after the AJAX block had already advanced <code>lastCheckpoint<\/code> to the final index \u2014 so it dereferenced <code>undefined<\/code> once the last dot was reached. The TypeError aborted the rest of <code>updatePosition<\/code>, including the <code>setTimeout<\/code> that writes collected tokens to the form's hidden <code>soscaptcha_tokens<\/code> input. End result: form submitted with empty tokens \u2192 server rejected with \"invalid_tokens\". Added a guard so the highlight only runs when there's actually a next checkpoint.<\/li>\n<\/ul>\n\n<h4>1.0.69 - 2026-05-06<\/h4>\n\n<ul>\n<li><strong>Critical fix: slider challenge wouldn't load<\/strong> (admin-ajax 400 with <code>action: soscaptcha_get_challenge_config<\/code>). The three front-end AJAX endpoints (<code>get_challenge_config<\/code>, <code>collect_token<\/code>, <code>refresh_challenge<\/code>) were registered PHP-side under the legacy <code>wp_ajax_sos_*<\/code> prefix, but the slider JS sends <code>action=soscaptcha_*<\/code> (matching the WP.org 4+ char prefix rule applied in 1.0.54). Mismatch meant <strong>every<\/strong> challenge fetch returned 400 \u2014 the slider couldn't render and form submissions on protected pages couldn't validate. PHP side now uses <code>wp_ajax_soscaptcha_*<\/code> to match.\n\n<ul>\n<li>Affected pages: every form protected by the plugin (login, comments, CF7, demo page, etc.)<\/li>\n<li>Same root-cause family as the license-activation 400 (1.0.2) and the settings auto-save 400 (1.0.65) \u2014 finally hunted down the third instance.<\/li>\n<\/ul><\/li>\n<\/ul>\n\n<h4>1.0.68 - 2026-05-06<\/h4>\n\n<ul>\n<li>Plugin Check fixes (regressions caught after 1.0.67 publish): proper escaping on the disabled-input attribute (now uses WordPress's <code>disabled()<\/code> helper instead of echoing a raw string), <code>\/* translators: *\/<\/code> comment moved adjacent to its <code>__()<\/code> call, and <code>load_plugin_textdomain()<\/code> removed (WP auto-loads translations for WP.org-hosted plugins since 4.6 \u2014 the call is flagged as discouraged)<\/li>\n<\/ul>\n\n<h4>1.0.67 - 2026-05-06<\/h4>\n\n<ul>\n<li><strong>Fix Pro integration toggles failing silently<\/strong> \u2014 the integrations save handler's allow-list was seeded with only the 2 free integrations (<code>comments<\/code>, <code>cf7<\/code>). Pro's filter (since 1.0.64) only flips lock flags on the canonical registry instead of adding entries, so any Pro toggle (<code>wpforms<\/code>, <code>gravityforms<\/code>, etc.) was silently stripped during save. The handler now seeds from <code>SOSCAPTCHA_Integrations::filtered()<\/code> so all 9 keys are accepted, with a server-side guard that still blocks Pro toggles when the license isn't active<\/li>\n<\/ul>\n\n<h4>1.0.66 - 2026-05-06<\/h4>\n\n<ul>\n<li>Translations refreshed for all 9 non-English locales (no source-string changes; pairs with Pro 1.0.8 which ships the matching superset <code>.mo<\/code>)<\/li>\n<\/ul>\n\n<h4>1.0.65 - 2026-05-06<\/h4>\n\n<ul>\n<li><strong>Fix admin Settings\/Integrations not saving<\/strong> \u2014 AJAX action names registered as <code>wp_ajax_sos_save_*<\/code> but the JS auto-save POSTed <code>action=soscaptcha_save_*<\/code>. Mismatch meant every change failed silently. Both sides now use <code>soscaptcha_save_*<\/code><\/li>\n<li><strong>Fix critical error on the \"Get Pro\" page<\/strong> \u2014 DeepL strips <code>%s<\/code> placeholders when translating short format strings, so <code>printf( 'or %s\/year (save 20%%)', $price )<\/code> blew up on PHP 8+ with <code>ArgumentCountError<\/code>. Refactored to two simpler translatable strings + runtime guard that falls back to English if the translation is missing the placeholder<\/li>\n<li>Translations regenerated; the previously broken yearly-savings line now renders cleanly in all 9 non-English locales<\/li>\n<\/ul>\n\n<h4>1.0.64 - 2026-05-06<\/h4>\n\n<ul>\n<li>Integrations grid now shows the Pro form integrations (WPForms, Gravity Forms, Ninja Forms, WooCommerce, WP login\/register\/lost-password) as locked previews even when the Pro plugin isn't installed at all \u2014 users see what's available without needing to install Pro first<\/li>\n<li>New shared data file <code>includes\/data\/integrations.php<\/code> (single source of truth, mirrors the tier matrix pattern) accessed via the new <code>SOSCAPTCHA_Integrations<\/code> helper<\/li>\n<li>Re-added the 3 gradient color presets (Classic \/ Purple \/ Ocean) to the Appearance tab; locked when no Pro license is active<\/li>\n<li>Translations: refreshed for the new locked-preview, preset, and statistics strings<\/li>\n<\/ul>\n\n<h4>1.0.63 - 2026-05-05<\/h4>\n\n<ul>\n<li>Settings page rebuilt to surface Pro features as locked previews \u2014 visitors and admins can see what each tier unlocks without installing Pro first\n\n<ul>\n<li>Validation tab: new \"Advanced bot detection\" section (behavior analysis, honeypot, browser fingerprint) shown disabled with a Pro badge until licensed<\/li>\n<li>Challenge reduction tab: new \"Auto-reload on timeout\" toggle, locked until licensed<\/li>\n<li>New \"Appearance\" tab with gradient color pickers and a \"Show \/ hide badge\" toggle, both locked until licensed<\/li>\n<\/ul><\/li>\n<li>New \"Statistics\" submenu entry in the admin sidebar (with a lock icon) when Pro isn't active \u2014 click it to see the Pro upsell page<\/li>\n<li>New <code>SOSCAPTCHA_Tiers::is_pro_active()<\/code> helper backed by the <code>soscaptcha_pro_active<\/code> filter; Pro flips it on when its license is valid<\/li>\n<\/ul>\n\n<h4>1.0.61 - 2026-05-05<\/h4>\n\n<ul>\n<li>New: single source of truth for plan tiers and feature matrix at <code>includes\/data\/tier-matrix.php<\/code> (readable through the <code>SOSCAPTCHA_Tiers<\/code> helper class). Both the free \"Get Pro\" page and the Pro plugin's \"License\" page render from it, kept in sync with sos-captcha.com pricing<\/li>\n<li>\"Get Pro\" page rebuilt: 4-tier comparison (Free \/ Starter \/ Pro \/ Agency) with monthly + yearly prices, \"MOST POPULAR\" badge on Pro, per-tier CTAs to sos-captcha.com<\/li>\n<li>Translations: regenerated all .pot\/.po\/.mo for the latest source strings (previous .mo files dated back to 1.0.50, missing dozens of strings added by the prefix renames)<\/li>\n<\/ul>\n\n<h4>1.0.60 - 2026-05-05<\/h4>\n\n<ul>\n<li>Translations: explicitly call <code>load_plugin_textdomain()<\/code> so admin strings translate on manually-uploaded installs (not just WordPress.org-distributed ones)<\/li>\n<li>Integrations grid: render Pro integrations with a \"Pro\" lock badge + Upgrade CTA when no Pro license is active (relies on the new <code>premium_locked<\/code> flag exposed by the Pro plugin's <code>soscaptcha_integrations<\/code> filter)<\/li>\n<li>Add <code>soscaptcha_show_get_pro_menu<\/code> filter; the Pro plugin (1.0.2+) hooks it to hide the \"Get Pro\" upsell submenu once a license is active<\/li>\n<\/ul>\n\n<h4>1.0.59 - 2026-05-05<\/h4>\n\n<ul>\n<li>Fix admin JS 404: rename <code>admin\/js\/sos-admin.{js,min.js}<\/code> \u2192 <code>admin\/js\/soscaptcha-admin.{js,min.js}<\/code> so the file matches the prefixed enqueue path introduced in 1.0.54<\/li>\n<\/ul>\n\n<h4>1.0.57 - 2026-05-05<\/h4>\n\n<ul>\n<li>Fix fatal error on activation: rename class files from <code>class-sos-*.php<\/code> to <code>class-soscaptcha-*.php<\/code> so they match the <code>require_once<\/code> paths introduced in 1.0.54 (the rename touched the require paths but not the files on disk)<\/li>\n<li>WordPress.org Plugin Check: prefix view-scope variables in <code>admin\/views\/{settings,integrations,get-pro}.php<\/code> with <code>soscaptcha_<\/code> to clear <code>WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound<\/code> warnings<\/li>\n<\/ul>\n\n<h4>1.0.56 - 2026-05-05<\/h4>\n\n<ul>\n<li>Prefix the three form-traveling input names (<code>challenge_session<\/code>, <code>challenge_nonce<\/code>, <code>collected_tokens<\/code> \u2192 <code>soscaptcha_session<\/code>, <code>soscaptcha_nonce<\/code>, <code>soscaptcha_tokens<\/code>) to avoid collisions with other plugins on host forms<\/li>\n<li>Updated all integrations (Contact Form 7, Comments + premium adapters) and the slider JS selectors accordingly<\/li>\n<\/ul>\n\n<h4>1.0.55 - 2026-05-04<\/h4>\n\n<ul>\n<li>Extend the <code>soscaptcha-<\/code> prefix to CSS classes and script handles (4+ char prefix everywhere) for WordPress.org compliance<\/li>\n<\/ul>\n\n<h4>1.0.54 - 2026-05-04<\/h4>\n\n<ul>\n<li>Rename PHP class prefix from <code>SOS_<\/code> to <code>SOSCAPTCHA_<\/code> and function prefix from <code>sos_<\/code> to <code>soscaptcha_<\/code> (4+ char prefix per WordPress.org guidelines)<\/li>\n<\/ul>\n\n<h4>1.0.53 - 2026-05-03<\/h4>\n\n<ul>\n<li>Architecture: split the plugin into a free build (this plugin) and an optional <code>sos-captcha-pro<\/code> companion plugin loaded through WordPress filters\/actions<\/li>\n<li>Free plugin no longer contains any premium code paths \u2014 addresses WordPress.org trialware concern<\/li>\n<li>Companion plugin declares <code>Requires Plugins: sos-captcha<\/code> (WP 6.5+)<\/li>\n<\/ul>\n\n<h4>1.0.52 - 2026-05-03<\/h4>\n\n<ul>\n<li>Source assets shipped in the ZIP are now stripped of dev comments (CSS and JS), keeping the code human-readable for reviewers without leaking internal notes<\/li>\n<li>Plugin loaders unchanged: .min.js and .min.css load in production, source files load with SCRIPT_DEBUG=true<\/li>\n<li>Removed GitHub repo link from readme (source ships inside the plugin)<\/li>\n<\/ul>\n\n<h4>1.0.51 - 2026-05-03<\/h4>\n\n<ul>\n<li>WordPress.org compliance round 2 (response to reviewer feedback)<\/li>\n<li>Trialware: build-time post-processor strips all $is_licensed conditionals from the free ZIP (new bin\/strip-license-checks.php)<\/li>\n<li>Source code visibility: ship non-minified .js \/ .css alongside their .min counterparts; document GitHub repo in readme<\/li>\n<li>Security: AJAX endpoints now require a session-tied HMAC nonce (cache-friendly). Form submissions verify the nonce in the validator. All 8 integrations render the nonce field.<\/li>\n<\/ul>\n\n<h4>1.0.50 - 2026-04-29<\/h4>\n\n<ul>\n<li>Rebrand: plugin renamed from \"SOS Anti-Spam\" to \"SOS Captcha\" \u2014 slug, text-domain and language files updated to \"sos-captcha\"<\/li>\n<li>Main file renamed: slide-out-spam.php \u2192 sos-captcha.php<\/li>\n<li>No functional change for existing installs; cleaner branding aligned with sos-captcha.com<\/li>\n<\/ul>\n\n<h4>1.0.49 - 2026-04-27<\/h4>\n\n<ul>\n<li>WordPress.org compliance pass<\/li>\n<li>Prefix all AJAX actions with sos_ to avoid collisions<\/li>\n<li>Remove load_plugin_textdomain (not needed for plugins hosted on WordPress.org)<\/li>\n<li>Replace the License page in the free build with a Compare-plans page (no license input, no external API call)<\/li>\n<li>Premium upgrade is now a manual download from sos-captcha.com (Plugins \u2192 Add New \u2192 Upload)<\/li>\n<li>Initial public release<\/li>\n<li>Contact Form 7 and WordPress comments protection<\/li>\n<li>WP login, registration, and lost-password protection (Premium)<\/li>\n<li>Up to 8 checkpoints (Free) \/ 15 (Premium)<\/li>\n<li>10-language support<\/li>\n<\/ul>","raw_excerpt":"Privacy-first spam protection with an interactive slider challenge. No tracking, no cookies, no external services. GDPR compliant by design.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/303274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=303274"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/solariane"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=303274"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=303274"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=303274"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=303274"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=303274"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=303274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}