Supertab Connect
Supertab Connect lets you define how AI systems and automated scrapers can access your content. You can define licensing terms, manage partner access, and track usage without building custom infrastructure. Supertab Connect handles the underlying systems, including license servers, token management, and request verification, so you can focus on controlling who accesses your content and how it’s used. It provides two core capabilities: RSL License Serving Automatically serves your site’s RSL license at /license.xml. The license is fetched from the Supertab Connect API and cached locally for performance, enabling crawlers and AI agents to discover your content’s licensing terms. Crawler Authentication Protocol (CAP) Verify that connected partners are accessing your content present valid license tokens. This allows you to: confirm which customers are accessing your content monitor usage against declared licensing terms control access for specific parts of your site How It Works Enter your Website URN from the Supertab Connect dashboard Your license.xml is immediately served at your site root Optionally add your Merchant API Key to enable license verification Configure which parts of your site require verification via the Crawler Authentication Protocol Features Automatically serves your license file at /license.xml Caches license XML locally for performance No infrastructure changes required Optional verification for connected partners via the Crawler Authentication Protocol Flexible control over which parts of your site are covered External Services This plugin connects to the Supertab Connect API to provide its functionality: RSL License Serving — Your Website URN is sent to retrieve your site’s license XML file. This happens on every request to /license.xml (cached locally after first fetch). Crawler Authentication Protocol — When enabled by the site administrator, page URLs and user agent strings from bot requests are sent to verify license tokens and record usage events. No personal data from your site visitors is collected or transmitted. Supertab Terms of Use and Privacy Policy
Top keywords
- license15×4.73%
- site8×2.52%
- license xml6×1.89%
- supertab6×1.89%
- xml6×1.89%
- connect5×1.58%
- content5×1.58%
- supertab connect5×1.58%
- authentication4×1.26%
- authentication protocol4×1.26%
- crawler4×1.26%
- crawler authentication4×1.26%
TrustSig Security
TrustSig Security protects WordPress forms and API endpoints from scripted bots and brute-force attacks. No puzzles. No “I am not a robot” checkboxes. No third-party signup required to start. Coverage depends on the protection mode you choose — see “Protection modes” below. Why TrustSig Protects every important form out of the box — login, registration, comments, password reset, WooCommerce checkout, BuddyPress signup, Easy Digital Downloads, Elementor Pro forms, WPForms (including the Mesmerize / Materialis contact form), Contact Form 7, SureForms, and any custom form via shortcode. Stops brute-force login attempts with built-in lockout after repeated failures. Invisible to humans — real visitors are verified in under a second by a non-interactive browser check. No CAPTCHA, no images to click. Three protection modes — Monitor (log only), Challenge (default, soft block with auto-retry), Enforce (hard block). Zero configuration — activate the plugin and protection is live immediately. Anonymous free tier needs no account. Works with caching plugins, WPML, multisite and most themes — forms are signed server-side with a per-site secret. Developer-friendly — PHP helper trustsig_verify(), REST endpoint /wp-json/trustsig/v1/verify, filters and actions for custom forms. Optional admin-ajax and REST API guard for advanced sites. GPLv2 — fully open source. How it works TrustSig injects a lightweight browser SDK, signs every rendered form with a per-site secret, and verifies submissions against the TrustSig Edge service. Real visitors pass an invisible check in about a second; scripted clients that never run JavaScript are stopped. When a request arrives without a valid token, TrustSig does not silently fail open. Depending on the mode you choose it serves a lightweight “please wait” interstitial that re-verifies the browser and then transparently continues the original request — or blocks it. The plugin works out of the box with no account and no API keys (anonymous free tier). Connecting a TrustSig dashboard account is optional and only adds analytics and higher limits. Protection modes Monitor — verify and log only, never block. Used for safe rollout; the upgrade path also pins existing sites here so behaviour never changes silently on update. Challenge (default for new installs) — a missing or invalid token shows the interstitial, then continues or blocks. Enforce — a missing or invalid token is blocked immediately. What it protects Browser forms are protected automatically with no code: WordPress core — login, registration, comments, lost/reset password WooCommerce — login, registration, checkout, pay order, lost password BuddyPress — registration Easy Digital Downloads — login, registration Elementor Pro forms WPForms — contact and other forms, on by default (covers the Mesmerize / Materialis contact section) Contact Form 7 — feedback submissions, on by default (guarded on the REST endpoint CF7 submits to) SureForms — form submissions, on by default (guarded on the REST submit-form endpoint) Any other form (site-wide “protect all forms” option, the [trustsig_form] shortcode, or a hidden trustsig-response input) It also includes optional brute-force lockout for repeated failed logins, an opt-in admin-ajax / REST API guard, and a developer verification API. For developers PHP: trustsig_verify( array( 'token' => $t, 'action' => 'my_form' ) ) returns pass | fail | challenge. Filters: trustsig_pre_verify, trustsig_result. Action: trustsig_blocked. REST: POST /wp-json/trustsig/v1/verify with { "token": "..." }. Known limitations XML-RPC (xmlrpc.php) is intentionally out of scope and is not verified. Disable XML-RPC separately if it is unused on your site. admin-ajax and the REST API are only protected when explicitly enabled in Settings, to avoid breaking third-party integrations. File-upload and AJAX submissions cannot show the interstitial; under Challenge or Enforce mode a missing token on those is blocked, never silently allowed. External services This plugin relies on the TrustSig Edge service to decide whether a request comes from a human or an automated client. This bot-detection verdict cannot be produced locally, so the service is required for the plugin’s core functionality. Service provider: TrustSig — https://trustsig.eu Remote script loaded in the browser: https://edge.trustsig.eu/trustsig.js is loaded on pages that contain a protected form, on the login screen, and on the verification interstitial. The script runs the non-interactive browser check and produces a verification token. Data sent from the visitor’s browser / your server to https://edge.trustsig.eu/verify: the TrustSig verification token generated by the SDK in the visitor’s browser; your site’s host name (e.g. example.com) on the anonymous free tier, or, if you connect a dashboard account, the secret key you entered; as part of any HTTPS request, the visitor’s IP address and standard request metadata (such as the user-agent) are visible to the service. When data is sent: when the SDK loads on a protected page, when a protected form is submitted, and once per browser when the optional verified-session cookie is bootstrapped. Data stored locally on your site: TrustSig writes a verification log to your own WordPress database (custom tables) that includes visitor IP addresses, the action attempted, and the verdict. This data is not sent to TrustSig; you can clear it at any time from Settings → TrustSig → Tools. By installing and activating this plugin you (the site administrator) consent to this data being sent to TrustSig so that requests can be verified. Inform your own site’s visitors as required by your local privacy obligations. Terms of Service: https://trustsig.eu/terms-of-service/ Privacy Policy: https://trustsig.eu/privacy