Title: RealNode Anti-Scalper
Author: emkaylabs
Published: <strong>12.07.2026</strong>
Last modified: 15.07.2026

---

Търсене на разширения

![](https://ps.w.org/realnode-anti-scalper/assets/icon-256x256.png?rev=3608671)

# RealNode Anti-Scalper

 От [emkaylabs](https://profiles.wordpress.org/emkaylabs/)

[Изтегляне](https://downloads.wordpress.org/plugin/realnode-anti-scalper.1.1.1.zip)

 * [Детайли](https://bg.wordpress.org/plugins/realnode-anti-scalper/#description)
 * [Оценки](https://bg.wordpress.org/plugins/realnode-anti-scalper/#reviews)
 *  [Инсталиране](https://bg.wordpress.org/plugins/realnode-anti-scalper/#installation)
 * [Разработка](https://bg.wordpress.org/plugins/realnode-anti-scalper/#developers)

 [Поддръжка](https://wordpress.org/support/plugin/realnode-anti-scalper/)

## Описание

Every high-demand sale carries the same risk: automated scripts claim your inventory
in seconds, real customers miss out, and your support team spends days handling 
frustrated buyers. RealNode eliminates that scenario at the source.

Instead of analyzing traffic patterns and making probabilistic guesses, RealNode
asks a simple, unanswerable question to every purchase attempt: prove you are a 
human being, with a real device, right now. Automated scripts cannot answer that
question. Real customers answer it in a single tap.

The result is a checkout experience that feels identical to your customers — and
completely closed to bots.

#### How it works

When a customer clicks „Place Order“, RealNode requests a cryptographic signature
from the secure hardware chip already built into their device: TouchID or FaceID
on an iPhone or Mac, Windows Hello on a PC, or a connected security key like a Yubikey.
That signature is unique to the physical hardware and mathematically impossible 
to replicate in software.

The signed proof is validated in under 200ms. If it passes, the order goes through.
If it does not, the order is stopped — silently, with no impact on your genuine 
customers.

#### Three protection tiers

**RN Insight — Passive audit**

RN Insight runs entirely in the background. It analyzes traffic, classifies device
environments (including headless browser frameworks such as Puppeteer or Playwright),
and surfaces behavioral intelligence in your operator dashboard. No user is ever
challenged or interrupted.

This tier is built for stores that want to understand the volume and nature of their
automated traffic before committing to active enforcement. It is also the right 
choice when your users are high-trust and any checkout friction would be commercially
unacceptable.

**RN Sentinel — Adaptive protection**

RN Sentinel adds a trigger layer on top of the same passive analysis. The SDK evaluates
client-side kinetic micro-interaction signals locally at the edge (8–12Hz jitter
analysis), looking for behavioral patterns consistent with automated scripts. When
the behavioral score flags a session as suspicious, a biometric verification step
is requested before the order proceeds.

Genuine customers complete the challenge in a single gesture — the same one they
use to unlock their phone — and continue normally. Automated scripts, which lack
a real user and a real hardware chip, cannot complete it.

The key distinction: RN Sentinel only challenges sessions that have been flagged.
Clean sessions flow through without interruption. This keeps overall friction low
while applying meaningful enforcement where it matters.

**RN Vault — Zero-tolerance enforcement**

RN Vault is designed for flash sales, exclusive drops, and any event where a single
successful bot transaction represents an unacceptable outcome. Hardware attestation
is required on every protected purchase, regardless of the behavioral score. No 
session skips verification.

Each attestation is cryptographically bound to a specific device’s hardware chip
and scoped to your defined event. The system enforces per-user purchase quotas that
are physically unbypassable — switching browsers, clearing cookies, or routing through
a different IP does not change the hardware identity. One device equals one verified
buyer.

Your customers see their remaining quota in real time on the checkout page. When
the limit is reached, the plugin surfaces a quota extension request button rather
than silently blocking.

#### Device management in My Account

On Sentinel and Vault plans, the plugin adds a security management panel directly
inside the WooCommerce „My Account“ area. Customers can:

 * View all hardware-attested devices linked to their identity
 * Block a device that has been stolen or compromised (global revocation in under
   500ms)
 * Free a device before reselling it (removes their identity from the hardware signature)
 * Transfer their attested identity to another user
 * Restore access using an emergency recovery code if their device is unavailable
 * Request a rescue link by email if the recovery code is also lost

#### Built to keep your sales running

RealNode is designed as an additive security layer. If our infrastructure becomes
unreachable for any reason, the plugin steps aside automatically and your checkout
continues without interruption. Your revenue path has no dependency on our uptime.

For Vault-tier operators running zero-tolerance events, this default behavior can
be inverted from the dashboard: the system pauses the purchase flow rather than 
opening it if the backend is unreachable. This is a deliberate, opt-in setting for
situations where closing the flow is the safer business decision.

#### Privacy and GDPR

No biometric data is ever transmitted to RealNode. The biometric gesture (fingerprint,
face scan) unlocks the device’s secure hardware chip locally and never leaves the
device. What RealNode receives is a cryptographic signature — a mathematical output
of the private key operation.

Users are identified exclusively through anonymized Hardware Identifiers (IDH): 
cryptographic hashes derived from device characteristics, with no personal data 
involved. Each IDH is scoped per site and per event, making cross-site correlation
impossible by architecture rather than by policy.

#### Requirements

 * An active RealNode account at [app.realnode.emkaylabs.tech](https://app.realnode.emkaylabs.tech)
 * WooCommerce 6.0 or later
 * Modern browsers with WebAuthn support (Chrome 67+, Firefox 60+, Safari 14+)

For customers on devices without built-in biometrics: WebAuthn and FIDO2 allow cross-
device authentication. A customer on an older desktop can complete verification 
by scanning a QR code with their smartphone. RN Insight and non-flagged Sentinel
sessions never require this step at all.

### External services

This plugin communicates with two RealNode endpoints operated by EMKAY LABS:

 1. **RealNode SDK (api.emkaylabs.tech):** Loads the client-side JavaScript SDK asynchronously
    on checkout and cart pages. Initiates the WebAuthn/FIDO2 challenge and computes
    the hardware identifier (IDH) locally on the device. Only the cryptographic signature
    and the anonymous IDH are transmitted — no biometric data, no personal identifiers.
 2. **RealNode Backend API (rn-v3-elite.onrender.com):** Receives the cryptographic
    token generated during checkout and validates it server-side. On Vault plans, it
    also enforces atomic purchase quotas per event per IDH using a distributed in-memory
    cache (≤2ms response time), backed by a Supabase persistence layer with row-level
    security.

Service page and legal information: [realnode.emkaylabs.tech](https://realnode.emkaylabs.tech)

## Инсталиране

**Prerequisites:** Your site must be served over HTTPS. WebAuthn (the browser standard
that powers biometric verification) is a secure-context-only feature — it will not
work on plain HTTP, by browser design. Most production hosting providers include
free SSL certificates. Local test environments (localhost) are exempt.

 1. Create your RealNode account at [app.realnode.emkaylabs.tech/signup](https://app.realnode.emkaylabs.tech/signup)
    and copy your Public API key (`pk_live_...`) and Secret key (`sk_live_...`) from
    your dashboard
 2. Upload the `realnode-antiscalper` folder to `/wp-content/plugins/`, or install 
    directly through the WordPress plugin directory
 3. Activate the plugin through the **Plugins** menu in WordPress
 4. Go to **Settings > RealNode Anti-Scalper**
 5. Paste your `pk_live_...` Public API key and your `sk_live_...` Secret key
 6. Select your service tier (Insight, Sentinel, or Vault) — if you are unsure, your
    active plan is shown directly in your RealNode dashboard
 7. Click **Save Settings** — protection is active immediately

No code changes are required. The plugin automatically injects the SDK on checkout
and cart pages and intercepts the WooCommerce „Place Order“ button.

**Note on the Secret Key:** Your `sk_live_...` key is stored in your WordPress database
and used exclusively in server-side PHP requests. It is never output in HTML or 
JavaScript and is never visible to your site visitors.

## ЧЗВ

### Do I need to modify my theme or write any code?

No. The plugin handles everything: SDK injection, button interception, backend validation,
and the device management panel in My Account. You paste your API keys, select your
tier, and save. That is the entire integration.

### What happens if a customer’s device does not support biometrics?

For RN Insight: nothing. No verification is ever requested.

For RN Sentinel: the biometric step is only triggered when a session is flagged 
as suspicious. A customer on a clean session never encounters it.

For RN Vault: if a desktop or laptop does not have a built-in biometric sensor, 
FIDO2/WebAuthn standards allow the customer to use their smartphone as a universal
security key — they scan a QR code and complete the gesture on their phone in seconds.
In the extremely rare situation where no compatible secondary device is available,
the system falls back to your store’s existing defense layer. RealNode is built 
to stop automated fraud, not to block human buyers.

### Does this slow down my site?

No. The SDK loads asynchronously and only on cart, checkout, and account pages. 
It has zero effect on the rest of your site. Backend validation runs with a 5-second
timeout; if RealNode does not respond in time, checkout completes normally.

### Is biometric data sent to RealNode?

No. The biometric gesture (fingerprint, face scan) happens entirely on the device’s
secure hardware chip. RealNode never receives, processes, or stores biometric data
of any kind. What the server sees is an anonymous cryptographic hash — the mathematical
output of the hardware signing operation.

### What is the difference between RN Sentinel and RN Vault?

RN Sentinel applies a biometric challenge selectively — only when the behavioral
engine detects patterns consistent with automated scripts. Most genuine customers
complete checkout without any interruption.

RN Vault requires a hardware attestation on every protected transaction, unconditionally.
It also enforces per-user purchase quotas that are bound to the physical device,
not to an account or a browser session.

### Can a customer buy multiple tickets with different devices?

On RN Vault, each physical device is a separate identity. The quota is enforced 
per device per event. If the same person attempts to buy additional tickets using
a second phone, that device is treated as a separate entity and has its own quota.
The system does not link hardware identities to each other.

### What is the Event ID field?

The Event ID is an internal label you define to scope purchase quotas. For example:`
CONCERT-PARIS-2026`. All purchases are tracked against that label. If you run multiple
events on the same store, changing the Event ID before each one resets the quota
tracking for that event without affecting others.

### Is the Secret Key safe?

Yes. The Secret Key (`sk_live_...`) is stored as a WordPress option and is used 
only in server-side PHP calls via `wp_remote_post()`. It is never included in any
JavaScript output or exposed to the browser.

### Will my legitimate customers ever be incorrectly blocked?

The false positive rate is extremely low by design. On RN Insight, users are never
blocked — the system only observes silently. On RN Sentinel, a verification step
is triggered in fewer than 0.1% of legitimate sessions, and those customers clear
it in under 1.5 seconds. On RN Vault, the FIDO2 enrollment is a one-time action —
all subsequent purchases are instant and transparent. No plan makes a purchasing
decision based on guesswork.

### Can I switch plans without changing my code?

Yes, completely freely. You can upgrade, downgrade, or cancel your subscription 
in one click from your RealNode dashboard. The WordPress plugin reads your active
tier automatically at each page load — it requires zero code changes when you switch
plans. The change takes effect immediately, with no redeployment required.

### What is a billing unit exactly? How is usage counted?

A billing unit is one unique device (IDH) analyzed on one specific protected event
or page, within a given billing cycle. The rules are straightforward:

 * If the same customer accesses 3 different protected events, that counts as 3 
   units.
 * If that same customer returns 100 times to the same event within the month, it
   still counts as 1 unit.
 * The count applies regardless of whether the device is classified as human, suspicious,
   or a bot.
 * Each store’s quota is completely isolated from every other RealNode client.

You can monitor your real-time consumption from your dashboard and receive a preventive
alert before reaching your limit. If the monthly quota is exhausted, the service
continues and additional units are billed per unit (RN Insight: $0.02 / RN Sentinel:
$0.05 / RN Vault: $0.08).

### Can bots fake or spoof the hardware fingerprint?

The Hardware Device Identifier (IDH) is derived from dozens of hardware-level signals
that are extremely difficult to spoof consistently — GPU rendering characteristics,
audio context, screen calibration data, and more. Unlike cookies or IP addresses,
spoofing an IDH requires acquiring real physical hardware. On RN Vault, a perfect
IDH spoof is still insufficient: the FIDO2 biometric attestation requires physical
access to the specific device’s secure hardware chip. There is no known software
workaround.

### Does the plugin use cookies or tracking technologies?

For RN Insight and Sentinel, RealNode does not use cookies. It stores an anonymous
hardware-derived token in the browser’s localStorage. For RN Vault, a temporary 
first-party session cookie is used on your domain to secure the active biometric
session. No advertising, profiling, or cross-site tracking cookies are used at any
tier. This functional usage is fully exempt from cookie consent banners under ePrivacy
regulations.

### How do I prepare for a flash sale or high-demand event?

RealNode is specifically built for high-traffic events. Before a major sale, we 
recommend three steps: (1) Upgrade your plan to the appropriate tier for the event
window from your dashboard. (2) Set a specific Event ID matching the sale, so purchase
quotas are tracked and reset per event. (3) Optionally enable Fail-Closed mode from
your dashboard for the duration of the event if zero-tolerance is required. For 
events expecting more than 100,000 concurrent sessions, contact us in advance — 
we can pre-allocate dedicated infrastructure capacity.

### Is there an audit log I can consult for fraud investigations?

Yes. Every security event — verification, quota consumption, device ban, recovery
attempt, or suspicious score — is written to an immutable log in your RealNode administration
console at app.realnode.emkaylabs.tech/dashboard. You can filter by date range, 
device hash, trust level, or event type, and export in JSON or CSV. On RN Vault,
forensic logs include the full attestation chain, making them usable as evidence
in dispute resolution or fraud investigations.

### Looking for headless or custom platforms?

RealNode is platform-agnostic. While this plugin provides a zero-code integration
for WooCommerce, our core infrastructure can be deployed anywhere. We provide a 
native client-side SDK via npm (`@emkaylabs/realnode-sdk`) and raw JavaScript integrations
for custom stacks, Shopify, or headless architectures. Visit our package on [NPM](https://www.npmjs.com/package/@emkaylabs/realnode-sdk),
check out our [GitHub repository](https://github.com/Emkay-Labs/realnode-client-sdk),
or visit our documentation at https://realnode.emkaylabs.tech to learn more. If 
you need integration support, reach out to us at security@emkaylabs.tech.

## Отзиви

There are no reviews for this plugin.

## Сътрудници и разработчици

“RealNode Anti-Scalper” е софтуер с отворен код. Към разширението са допринесли 
следните хора:

Сътрудници

 *   [ emkaylabs ](https://profiles.wordpress.org/emkaylabs/)

[Превеждане на “RealNode Anti-Scalper” на вашия език.](https://translate.wordpress.org/projects/wp-plugins/realnode-anti-scalper)

### Имате интерес към разработване?

[Преглеждане на кода](https://plugins.trac.wordpress.org/browser/realnode-anti-scalper/),
разглеждане на [SVN хранилище](https://plugins.svn.wordpress.org/realnode-anti-scalper/),
или абонамент към [програмната история (log)](https://plugins.trac.wordpress.org/log/realnode-anti-scalper/)
чрез [RSS](https://plugins.trac.wordpress.org/log/realnode-anti-scalper/?limit=100&mode=stop_on_copy&format=rss).

## Списък с промени

#### 1.1.1

 * Added automatic plan detection: the plugin now contacts the RealNode API when
   you save your Public Key and sets your service tier automatically. No manual 
   selection required.
 * Added daily WP-Cron sync to keep your plan up to date when you upgrade or downgrade
   your subscription — zero WordPress config changes needed.
 * Added direct „Access Dashboard“ button on the settings page for one-click access
   to your RealNode console.
 * Added auto-generated Event ID based on WooCommerce product IDs when no manual
   Event ID is defined (Vault plan).
 * Added real-time quota badge on individual product pages for Vault plans.
 * Added HTTPS environment check: a warning is now shown in the WordPress admin 
   if the site is not served over HTTPS.
 * Added account creation as the first step of the installation guide.

#### 1.1.0

 * Added multi-tier support: RN Insight, RN Sentinel, RN Vault.
 * Added Secret Key (sk_live_) field for secure backend validation.
 * Added device_token to the backend /consume validation payload.
 * SDK injection restricted to cart, checkout, and account pages only.
 * Added fail-open logic with 5-second timeout on backend API calls.
 * Added 30-second modal timeout with automatic fail-open fallback.
 * Added real-time quota display on Vault checkout page.
 * Added device management panel (list, revoke, transfer, recover) in WooCommerce
   My Account.

#### 1.0.0

 * Initial release.
 * SDK injection with async loading.
 * WooCommerce „Place Order“ button protection.
 * Settings page with API key and endpoint configuration.
 * Graceful fail-open on unsupported devices.

## Мета

 *  Version **1.1.1**
 *  Last updated **Преди 6 часа **
 *  Active installations **По-малко от 10**
 *  WordPress version ** 5.8 или по-висока **
 *  Tested up to **7.0.1**
 *  PHP version ** 7.4 или по-висока **
 *  Language
 * [English (US)](https://wordpress.org/plugins/realnode-anti-scalper/)
 * Tags
 * [anti-bot](https://bg.wordpress.org/plugins/tags/anti-bot/)[checkout security](https://bg.wordpress.org/plugins/tags/checkout-security/)
   [webauthn](https://bg.wordpress.org/plugins/tags/webauthn/)[woocommerce](https://bg.wordpress.org/plugins/tags/woocommerce/)
 *  [Разширен изглед](https://bg.wordpress.org/plugins/realnode-anti-scalper/advanced/)

## Оценки

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/realnode-anti-scalper/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/realnode-anti-scalper/reviews/)

## Сътрудници

 *   [ emkaylabs ](https://profiles.wordpress.org/emkaylabs/)

## Поддръжка

Имате да кажете нещо? Имете нужда от помощ?

 [Разглеждане на форумите за поддръжка](https://wordpress.org/support/plugin/realnode-anti-scalper/)