Guide · WordPress plugin

WordPress spam, solved —
without making humans suffer.

The free useHUMA plugin blocks comment spam, fake registrations and Contact Form 7 bots using invisible behavioral verification. Your visitors never solve a puzzle; bots never get through. Setup is one API key.

↓ Download plugin (v1.0.0)Get a free API key

Comments

Spam rejected before it ever reaches your moderation queue.

Registration

Fake account signups stopped at the door.

Contact Form 7

Form spam invalidated on submission, automatically.

01Install the plugin

In your WordPress admin: Plugins → Add New → Upload Plugin, choose the downloaded zip, install and activate. (A WordPress.org directory listing is under review — until then, the direct download above is the official build.)

02Paste your API key

Get a free key at humaverify.com/signup, then go to Settings → useHUMA and paste it. Choose what to protect — comments, registration, Contact Form 7 — and the threshold (50 is a balanced default).

03That's it

Protection is invisible from this point on. The plugin bundles a tiny collector that observes interaction timing (never contents), and each submission is verified server-side against your key.

Fail-open by design: if the verification API is ever unreachable, your forms keep working. And strict mode (optional) rejects submissions that carry no behavioral signals at all — which is how scripted direct-POST bots look.

Frequently asked

Will visitors see a CAPTCHA or checkbox?
Never. Verification is completely invisible — visitors just use your site normally.
Does it work with caching plugins?
Yes. The collector runs client-side after page load, so full-page caching doesn't affect it.
Is it GDPR friendly?
Only statistical aggregates of interaction timing are collected — never what visitors type, no fingerprinting databases, no PII stored.
Get your free API key →