Rate Limiting

Limit the number of searches per IP address to prevent abuse and bot attacks

  • Maximum searches allowed per time window (1-100)
  • Reset attempts after this duration (1-1440 minutes)
  • How long to block after exceeding limit (1-10080 minutes)
  • Message shown when blocked
  • IPs that bypass rate limiting (supports CIDR notation like 192.168.1.0/24)
Google reCAPTCHA v3
How to get keys:
1. Go to reCAPTCHA Admin Console
2. Create a new site with Score based (v3) type
3. Add your domain (e.g., dwindi.com)
4. Copy the Site Key and Secret Key shown after creation
Note: If using Google Cloud Console, click "Use Legacy Key" under the Integration tab to get the secret key.
  • Public key for frontend - shown after creating reCAPTCHA site
  • Server-side secret from Google reCAPTCHA admin console (required for verification)
  • 0.0 (likely bot) to 1.0 (likely human). Recommended: 0.5
  • Action name for reCAPTCHA tracking (letters only)
  • Hides the "protected by reCAPTCHA" badge. You must add attribution elsewhere on the page.
Cloudflare Turnstile
How to get keys:
1. Go to Cloudflare Turnstile Dashboard
2. Click "Add Widget" and enter your site name
3. Add your domain (e.g., dwindi.com)
4. Choose Widget Mode: Managed (recommended) or Non-interactive
5. Copy the Site Key and Secret Key shown after creation
  • Public key for frontend (starts with 0x4AAA...)
  • Private key for backend verification (starts with 0x4AAA...)
Honeypot Protection

IP Detection Method

Configure how to detect visitor IP addresses

  • Automatically detect IP through Cloudflare, proxies, and standard headers
  • Only use REMOTE_ADDR (less accurate but more predictable)
Nonce Verification

WordPress security token to prevent CSRF attacks

Nonce verification is always enabled for security. This protects against Cross-Site Request Forgery (CSRF) attacks.
Security Status
Security Check: Please configure at least one protection method (Rate Limiting, reCAPTCHA, or Turnstile).
Security Recommendations:
  • Enable at least one protection method (Rate Limiting, reCAPTCHA, or Turnstile)
  • Only enable ONE CAPTCHA solution at a time (reCAPTCHA or Turnstile)
  • For high-traffic sites, use Rate Limiting with reCAPTCHA v3
  • Regularly review rate limiting logs for suspicious activity
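
How the Rate Limiting settings at the top of this page (maximum searches per window, reset duration, block duration, bypass list with CIDR) fit together, as an added example that is not the plugin's own code. The class name, parameter names and the in-memory store are assumptions, and the time is passed in explicitly so the behaviour can be checked deterministically.

```python
import ipaddress

class SearchRateLimiter:
    """Fixed-window limiter with a block period and a CIDR bypass list.
    Hypothetical names; state is kept in memory for illustration only."""

    def __init__(self, max_searches, window_minutes, block_minutes, bypass=()):
        # Bounds mirror the ranges shown next to each setting on the page.
        if not (1 <= max_searches <= 100 and 1 <= window_minutes <= 1440
                and 1 <= block_minutes <= 10080):
            raise ValueError("setting outside the documented range")
        self.max_searches = max_searches
        self.window = window_minutes * 60
        self.block = block_minutes * 60
        # strict=False also accepts entries with host bits set (192.168.1.7/24).
        self.nets = [ipaddress.ip_network(b, strict=False) for b in bypass]
        self.state = {}  # canonical IP -> (window_start, count, blocked_until)

    def allow(self, ip, now):
        """Return True if a search from `ip` at time `now` (seconds) may run."""
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False  # fail closed on anything that is not an IP address
        if any(addr in net for net in self.nets):
            return True  # bypass-listed addresses are never counted
        key = str(addr)  # canonical form, so IPv6 spellings share one counter
        start, count, blocked_until = self.state.get(key, (now, 0, 0))
        if now < blocked_until:
            return False  # still inside the block period
        if blocked_until or now - start >= self.window:
            start, count = now, 0  # block served or window elapsed: start over
        count += 1
        if count > self.max_searches:
            self.state[key] = (start, count, now + self.block)
            return False
        self.state[key] = (start, count, 0)
        return True
```

The counter is only as trustworthy as the address it is keyed on, so the IP Detection Method setting decides whether a client can influence which counter it lands in.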