Title: Crovly – Proof of Work Captcha & Spam Protection Author: crovly Published: Èbìbí 7, 2026 Last modified: Èbìbí 7, 2026 --- Ṣàwárí àwọn plugin ![](https://ps.w.org/crovly/assets/banner-772x250.png?rev=3525467) ![](https://ps.w.org/crovly/assets/icon-256x256.png?rev=3525467) # Crovly – Proof of Work Captcha & Spam Protection Láti ọwọ́ [crovly](https://profiles.wordpress.org/crovly/) [Ṣe ìgbàsílẹ̀](https://downloads.wordpress.org/plugin/crovly.1.0.6.zip) * [Àwọn àlàyé](https://yor.wordpress.org/plugins/crovly/#description) * [Àwọn àgbéyẹ̀wò](https://yor.wordpress.org/plugins/crovly/#reviews) * [Ìgbéwọlẹ̀](https://yor.wordpress.org/plugins/crovly/#installation) * [Ìdàgbàsókè](https://yor.wordpress.org/plugins/crovly/#developers) [Ìrànlọ́wọ́](https://wordpress.org/support/plugin/crovly/) ## Àpèjúwe Crovly is a privacy-first captcha service powered by Proof of Work. Unlike traditional captchas that rely on image puzzles (easily solved by AI) or invasive tracking, Crovly makes the visitorÌtumọ̀ Yorùbá: ’s browser do computational work to prove itÌtumọ̀ Yorùbá: ’s not a bot. **How it works:** 1. Your visitorÌtumọ̀ Yorùbá: ’s browser solves a small cryptographic puzzle (Proof of Work) 2. Browser fingerprint and environment signals are collected (as a hash — no personal data stored) 3. Behavioral analysis detects automated patterns (mouse, keyboard, scroll) 4. A composite score determines if the visitor is human **Key features:** * **Privacy-friendly** — No cookies, no cross-site tracking * **No image puzzles** — Invisible to legitimate users * **Resistant to AI vision attacks** — Proof of Work cannot be solved by image recognition * **IP binding** — Tokens are bound to the solverÌtumọ̀ Yorùbá: ’s IP address * **Adaptive difficulty** — Suspicious visitors receive harder challenges * **22+ integrations** — Works with major WordPress form plugins * **Lightweight** — Widget is under 25KB gzipped, zero dependencies, 42 languages **Supported integrations:** * WordPress login, registration, lost password, comments * WooCommerce (checkout, login, register, lost password, pay for order) * Contact Form 7 * WPForms * Gravity Forms * Elementor Pro Forms * Ninja Forms * Fluent Forms * Formidable Forms * Forminator * Jetpack Contact Form * Divi (contact form, login) * BuddyPress (registration, activity) * bbPress (topics, replies) * Ultimate Member (login, register, password reset) * MemberPress (checkout, login) * Paid Memberships Pro * Easy Digital Downloads * Mailchimp for WordPress * GiveWP * wpDiscuz * wpForo * WordPress Multisite signup **Shortcode & PHP support:** Use `[crovly]` shortcode in any page or post, or call `crovly_render()` and `crovly_verify()` in your theme templates. ### External services This plugin relies on the Crovly captcha service to function. It connects to two external endpoints: **1. Crovly Widget CDN (get.crovly.com)** The plugin loads the JavaScript widget from `https://get.crovly.com/widget.js` on any page that contains a protected form. The widget runs Proof of Work in the visitorÌtumọ̀ Yorùbá: ’s browser and collects a hashed browser fingerprint. * **When:** Loaded on frontend pages that display a protected form (login, register, comment, checkout, etc.) * **What is sent:** Standard HTTP request headers (IP address, user agent). No personal data. * **Terms of Service:** [https://crovly.com/terms](https://crovly.com/terms) * **Privacy Policy:** [https://crovly.com/privacy](https://crovly.com/privacy) **2. Crovly Verification API (api.crovly.com)** When a visitor submits a protected form, the plugin sends the generated captcha token to `https://api.crovly.com/verify-token` for server-side verification. * **When:** On form submission of any form protected by Crovly. * **What is sent:** The captcha token (opaque string), the visitorÌtumọ̀ Yorùbá:’ s IP address (for IP binding), and your Secret Key (for authentication). * **What is received:** A success/failure response indicating whether the token is valid. * **Terms of Service:** [https://crovly.com/terms](https://crovly.com/terms) * **Privacy Policy:** [https://crovly.com/privacy](https://crovly.com/privacy) Both services are operated by Crovly. No data is shared with third parties. The plugin does not set cookies or track visitors across sites. ## Ìgbéwọlẹ̀ 1. Upload the `crovly` folder to `/wp-content/plugins/` 2. Activate the plugin through the ‘Plugins’ menu in WordPress 3. Go to Settings > Crovly 4. Enter your Site Key and Secret Key (obtained from the Crovly service dashboard) 5. Select which forms to protect 6. Done! Your forms are now protected ## FAQ ### Where do I get my API keys? Sign up for an account at the Crovly service. Create a site and you will receive a Site Key (public) and a Secret Key (private). See the External services section above for the service URL. ### Does Crovly use cookies? No. Crovly does not set any cookies and does not track users across sites. ### How does Crovly handle user data? Crovly only transmits a hashed browser fingerprint and the visitorÌtumọ̀ Yorùbá:’ s IP address (used for IP binding to prevent token replay). No personal data is stored. See the External services section for full details. ### What happens if the Crovly API is unreachable? The plugin fails open — if the verification API cannot be reached, the form submission is allowed through. This prevents legitimate users from being blocked by network issues. ### Can I use Crovly with a form plugin not listed? Yes! Use the `[crovly]` shortcode to add the widget to any form, and call `crovly_verify()` in your form processing code to verify the token. ### Does it work with WordPress Multisite? Yes. Crovly supports Multisite signup forms and cleans up data across all sites on uninstall (if enabled). ### Can I define API keys in wp-config.php? Yes. Add these constants to your `wp-config.php` to override the database settings: ``` define('CROVLY_SITE_KEY', 'crvl_site_...'); define('CROVLY_SECRET_KEY', 'crvl_secret_...'); ``` When constants are defined, the settings page inputs become read-only. ### IÌtumọ̀ Yorùbá: ’m locked out! How do I disable Crovly? Add this to your `wp-config.php`: ``` define('CROVLY_DISABLE', true); ``` This bypasses all captcha verification so you can log in and fix your settings. Remove it when done. ### Is Crovly compatible with WooCommerce HPOS? Yes. Crovly declares High-Performance Order Storage (HPOS) compatibility. ### Does Crovly work with Cloudflare? Yes. The widget script is automatically tagged with `data-cfasync="false"` to prevent conflicts with Cloudflare Rocket Loader. ## Àwọn àgbéyẹ̀wò Kò sí àwọn àgbéyẹ̀wò fún plugin yìí. ## Àwọn Olùkópa & Olùgbéejáde “Crovly – Proof of Work Captcha & Spam Protection” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa sí plugin yìí. Àwọn Olùkópa * [ crovly ](https://profiles.wordpress.org/crovly/) [Túmọ̀ “Crovly – Proof of Work Captcha & Spam Protection” sí èdè rẹ.](https://translate.wordpress.org/projects/wp-plugins/crovly) ### Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè? [Ṣàwárí koodu](https://plugins.trac.wordpress.org/browser/crovly/), ṣàyẹ̀wò [ibi ìpamọ́ SVN](https://plugins.svn.wordpress.org/crovly/), tàbí ṣe àgbékalẹ̀ sí [àkọsílẹ̀ ìdàgbàsókè](https://plugins.trac.wordpress.org/log/crovly/) nípasẹ̀ [RSS](https://plugins.trac.wordpress.org/log/crovly/?limit=100&mode=stop_on_copy&format=rss). ## Àkọsílẹ̀ àwọn àyípadà #### 1.0.6 * Inline admin script moved to enqueued asset file (wp_enqueue_script) * Service badge is now opt-in (off by default) per WordPress.org guideline 10 * Added “Show service badge” setting under Advanced #### 1.0.5 * Removed promotional language and pricing references per WordPress.org guidelines * Reduced external links in description (kept only in External services section) * Reworded compliance claims to be more accurate #### 1.0.4 * Added “External services” disclosure section per WordPress.org requirements * Added rel=”noopener” to external links * Updated “Tested up to” to WordPress 6.8 #### 1.0.3 * Widget i18n: 42 languages with automatic browser language detection * Updated docs URL structure (SDKs and Platforms separation) #### 1.0.2 * Added data-fallback=”open” for HA fail-open behavior * Updated docs links and widget size references * Synced readme.txt stable tag #### 1.0.1 * XSS sanitization hardening #### 1.0.0 * Initial release * 22+ form integrations * Proof of Work captcha with adaptive difficulty * Browser fingerprint and headless detection * Behavioral analysis (mouse, keyboard, scroll, touch) * Light, dark, and auto theme support * IP allowlist * Shortcode and PHP function support * WordPress Multisite support * wp-config.php constants support (CROVLY_SITE_KEY, CROVLY_SECRET_KEY, CROVLY_DISABLE) * Test Connection button for API key validation * WooCommerce HPOS compatibility * Cloudflare Rocket Loader compatibility * Emergency lockout recovery via CROVLY_DISABLE constant ## Àkójọpọ̀ Meta * Ẹ̀yà **1.0.6** * Ìgbàgbọ́hùn tó kẹ́yìn **ọ̀sẹ̀ 4 sẹ́yìn** * Àwọn ìgbéwọlẹ̀ tó ṣiṣẹ́ **Tó kéré sí 10** * Ẹ̀yà WordPress ** 5.8 tàbí ju bẹ́ẹ̀ lọ ** * Dánwò dé **6.9.4** * Ẹ̀yà PHP ** 7.4 tàbí ju bẹ́ẹ̀ lọ ** * Èdè * [English (US)](https://wordpress.org/plugins/crovly/) * Àwọn àmì * [bot protection](https://yor.wordpress.org/plugins/tags/bot-protection/)[captcha](https://yor.wordpress.org/plugins/tags/captcha/) [Proof of Work](https://yor.wordpress.org/plugins/tags/proof-of-work/)[security](https://yor.wordpress.org/plugins/tags/security/) [spam](https://yor.wordpress.org/plugins/tags/spam/) * [Ìwòye Tó Péye](https://yor.wordpress.org/plugins/crovly/advanced/) ## Àwọn ìbò Kò sí ìwádìí tí a tíì fi ránṣẹ́. [Your review](https://wordpress.org/support/plugin/crovly/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/crovly/reviews/) ## Àwọn Olùkópa * [ crovly ](https://profiles.wordpress.org/crovly/) ## Ìrànlọ́wọ́ Nǹkan wà tí o fẹ́ sọ? Ṣé o nílò ìrànlọ́wọ́? [Wo àpéjọ ìrànlọ́wọ́](https://wordpress.org/support/plugin/crovly/)