{"id":338477,"date":"2026-07-12T17:10:46","date_gmt":"2026-07-12T17:10:46","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/realnode-anti-scalper\/"},"modified":"2026-07-12T17:10:13","modified_gmt":"2026-07-12T17:10:13","slug":"realnode-anti-scalper","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/realnode-anti-scalper\/","author":23530658,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.1.1","stable_tag":"1.1.1","tested":"7.0.1","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"RealNode Anti-Scalper","header_author":"EMKAY LABS","header_description":"Hardware-backed bot protection for WooCommerce. Stops scalper bots at checkout using FIDO2\/WebAuthn cryptographic attestation \u2014 zero personal data collected.","assets_banners_color":"","last_updated":"2026-07-12 17:10:13","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/realnode.emkaylabs.tech","header_author_uri":"https:\/\/emkaylabs.tech","rating":0,"author_block_rating":0,"active_installs":0,"downloads":35,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.1.1":{"tag":"1.1.1","author":"emkaylabs","date":"2026-07-12 17:10:13"}},"upgrade_notice":{"1.1.1":"<p>Minor update. No settings changes required.<\/p>","1.1.0":"<p>Adds multi-tier plan support (Insight, Sentinel, Vault) and requires a Secret Key for backend validation. Update your settings page after upgrading.<\/p>"},"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.1.1"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Settings page \u2014 paste your API keys to activate protection.","2":"WooCommerce checkout \u2014 the \"Place Order\" button is intercepted seamlessly.","3":"Biometric prompt \u2014 the user verifies their identity using their device (TouchID, FaceID, Windows Hello)."}},"plugin_section":[],"plugin_tags":[11324,166108,362,237432,132861],"plugin_category":[44],"plugin_contributors":[271263],"plugin_business_model":[],"class_list":["post-338477","plugin","type-plugin","status-publish","hentry","plugin_tags-anti-bot","plugin_tags-bot-protection","plugin_tags-captcha","plugin_tags-checkout-security","plugin_tags-fraud-prevention","plugin_category-discussion-and-community","plugin_contributors-emkaylabs","plugin_committers-emkaylabs"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/realnode-anti-scalper.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>RealNode Anti-Scalper protects WooCommerce stores against automated purchasing bots and inventory hoarding. It integrates hardware-level identity verification directly into the checkout flow.<\/p>\n\n<p>When a customer clicks \"Place Order\", RealNode requests a cryptographic proof from their device (TouchID, FaceID, or Windows Hello). This proof is generated inside the device's secure enclave and validated server-side before the order is processed.<\/p>\n\n<h4>Three service tiers<\/h4>\n\n<ul>\n<li><strong>RN Insight<\/strong> \u2014 Passive monitoring. Collects device signals without interrupting checkout.<\/li>\n<li><strong>RN Sentinel<\/strong> \u2014 Active protection. Biometric verification is required at checkout for every order.<\/li>\n<li><strong>RN Vault<\/strong> \u2014 Event-level control. Enforces per-user purchase quotas for high-demand ticket releases.<\/li>\n<\/ul>\n\n<h4>Key properties<\/h4>\n\n<ul>\n<li><strong>No personal data collected<\/strong> \u2014 only anonymous hardware identifiers (IDH) are transmitted<\/li>\n<li><strong>No friction for real users<\/strong> \u2014 verification completes in under 1 second using native device biometrics<\/li>\n<li><strong>No performance impact<\/strong> \u2014 the SDK loads asynchronously and does not affect page speed<\/li>\n<li><strong>No server maintenance<\/strong> \u2014 fully managed SaaS infrastructure<\/li>\n<li><strong>Fail-open by design<\/strong> \u2014 if the RealNode service is unreachable, checkout proceeds normally<\/li>\n<\/ul>\n\n<h4>Requirements<\/h4>\n\n<ul>\n<li>An active RealNode account at <a href=\"https:\/\/realnode.emkaylabs.tech\">realnode.emkaylabs.tech<\/a><\/li>\n<li>WooCommerce 6.0 or later<\/li>\n<li>Modern browsers with WebAuthn support (Chrome 67+, Firefox 60+, Safari 14+)<\/li>\n<\/ul>\n\n<h3>External services<\/h3>\n\n<p>This plugin communicates with the RealNode API to provide hardware-backed bot protection. Two endpoints are used:<\/p>\n\n<ol>\n<li><strong>RealNode SDK (api.emkaylabs.tech):<\/strong> The plugin loads the RealNode JavaScript SDK on checkout pages to trigger the WebAuthn\/FIDO2 verification prompt. Only anonymous hardware hashes (IDH) are transmitted \u2014 no personal data.<\/li>\n<li><strong>RealNode Backend API (rn-v3-elite.onrender.com):<\/strong> The plugin makes a server-to-server call to validate the cryptographic token generated during checkout and enforce purchase quotas. Data sent includes the ticket quantity and the anonymous hardware hash (IDH).<\/li>\n<\/ol>\n\n<p>This service is operated by EMKAY LABS.<\/p>\n\n<ul>\n<li>Service page and legal information: https:\/\/realnode.emkaylabs.tech<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>realnode-antiscalper<\/code> folder to <code>\/wp-content\/plugins\/<\/code><\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu in WordPress<\/li>\n<li>Go to <strong>Settings &gt; RealNode Anti-Scalper<\/strong><\/li>\n<li>Paste your <code>pk_live_...<\/code> Public API key and your <code>sk_live_...<\/code> Secret key<\/li>\n<li>Click <strong>Save Settings<\/strong> \u2014 protection is now active on your checkout<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"do%20i%20need%20to%20touch%20any%20code%3F\"><h3>Do I need to touch any code?<\/h3><\/dt>\n<dd><p>No. The plugin automatically injects the SDK on checkout and cart pages and protects the WooCommerce \"Place Order\" button without any coding required.<\/p><\/dd>\n<dt id=\"what%20happens%20to%20customers%20who%20don%27t%20have%20a%20compatible%20device%3F\"><h3>What happens to customers who don't have a compatible device?<\/h3><\/dt>\n<dd><p>The plugin is fail-open by design. If a device does not support WebAuthn, verification is skipped and checkout proceeds normally. No legitimate customer is ever blocked.<\/p><\/dd>\n<dt id=\"does%20this%20slow%20down%20my%20site%3F\"><h3>Does this slow down my site?<\/h3><\/dt>\n<dd><p>No. The SDK loads only on cart and checkout pages, asynchronously, with no runtime dependencies. It has no effect on page speed for the rest of the site.<\/p><\/dd>\n<dt id=\"is%20my%20customers%27%20biometric%20data%20sent%20to%20realnode%3F\"><h3>Is my customers' biometric data sent to RealNode?<\/h3><\/dt>\n<dd><p>No. Biometric data never leaves the device. WebAuthn generates a cryptographic signature inside the device hardware. RealNode receives only an anonymous hash \u2014 never the fingerprint or face scan itself.<\/p><\/dd>\n<dt id=\"is%20the%20secret%20key%20%28sk_live_%29%20safe%20in%20wordpress%3F\"><h3>Is the Secret Key (sk_live_) safe in WordPress?<\/h3><\/dt>\n<dd><p>Yes. The Secret Key is stored as a WordPress option and is only used in server-side PHP calls via <code>wp_remote_post()<\/code>. It is never exposed to the browser or included in any JavaScript output.<\/p><\/dd>\n<dt id=\"which%20woocommerce%20checkout%20types%20are%20supported%3F\"><h3>Which WooCommerce checkout types are supported?<\/h3><\/dt>\n<dd><p>Both the classic shortcode checkout (<code>[woocommerce_checkout]<\/code>) and the modern block-based checkout are supported. The plugin uses multiple CSS selectors to locate the \"Place Order\" button across different themes.<\/p><\/dd>\n<dt id=\"what%20is%20the%20difference%20between%20sentinel%20and%20vault%3F\"><h3>What is the difference between Sentinel and Vault?<\/h3><\/dt>\n<dd><p>Sentinel requires biometric verification at every checkout. Vault adds a purchase quota per user per event \u2014 each user can only buy a set number of tickets, enforced by hardware attestation.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.1.1<\/h4>\n\n<ul>\n<li>Updated external service URLs in readme.txt.<\/li>\n<li>Updated event_id field description.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Added multi-tier support: RN Insight, RN Sentinel, RN Vault.<\/li>\n<li>Added Secret Key (sk_live_) field for secure backend validation.<\/li>\n<li>Added device_token field to backend \/consume validation payload.<\/li>\n<li>SDK injection restricted to cart and checkout pages only.<\/li>\n<li>Added fail-open logic with 5-second timeout on backend API calls.<\/li>\n<li>Added 30-second modal timeout with automatic fail-open fallback.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<li>SDK injection with async loading.<\/li>\n<li>WooCommerce \"Place Order\" button protection.<\/li>\n<li>Settings page with API key and endpoint configuration.<\/li>\n<li>Graceful fail-open on unsupported devices.<\/li>\n<\/ul>","raw_excerpt":"Hardware-backed bot protection and fraud prevention for WooCommerce. Stops automated scalper bots at checkout using FIDO2\/WebAuthn cryptographic attes &hellip;","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/338477","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=338477"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/emkaylabs"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=338477"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=338477"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=338477"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=338477"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=338477"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=338477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}