Invisible WordPress bot and spam protection — TrustSig for WordPress, Contact Form 7, and WooCommerce.

Why WordPress sites need real bot protection

WordPress runs over forty percent of the public web, which makes it the single largest attack surface for automated fraud. Comment spam, fake user registrations, credential stuffing against wp-admin, scraped product inventory on WooCommerce, and CAPTCHA-defeating bot farms target WordPress sites constantly. Akismet only touches comments. Google reCAPTCHA breaks GDPR, frustrates customers, and is routinely defeated by commercial bot farms. TrustSig replaces both with hardware-level signals that bots cannot fake.

One plugin. Every WordPress form protected.

A single activation protects the WordPress login screen, password reset flow, user registration, the default comment form, Contact Form 7, Gravity Forms, Ninja Forms, WPForms, and WooCommerce checkout and account creation. No shortcodes to add. No per-form configuration. Drop in the plugin and every endpoint is covered.

Login and wp-admin protection

Credential stuffing attacks against wp-login.php are blocked before the password is ever checked. TrustSig fingerprints the rendering environment and rejects headless browsers, scripted clients, and bot farms.

Comment spam elimination

Comment spam is blocked deterministically before it hits your moderation queue. No Akismet API key. No paid subscription. No false positives flagging real customers.

WooCommerce checkout and cart protection

Inventory bots, gift-card cracking, fake checkout submissions, and BIN-attack carding attempts are blocked at the edge. Your real customers complete checkout without ever seeing a captcha or puzzle.

GDPR-native. Cookieless. EU-hosted.

TrustSig stores zero cookies, zero personal data, and zero behavioural tracking. Built in Estonia, hosted in Germany, and engineered for GDPR Article 25 compliance from the ground up. No US data transfer. No consent banner required for the bot protection layer.

Install in 60 seconds

Upload via Plugins → Add New → Upload Plugin. Activate. Every WordPress form on the site is now protected. No API key required for the free tier. Paid tiers unlock additional domains, higher request volumes, and priority support, but every customer receives the full deterministic threat engine including hardware attestation and bot farm blocking from day one.

Honest pricing for WordPress sites

The free tier covers 50,000 requests per month across two domains and includes the complete threat detection engine. Growth tier at €29 per month covers 300,000 requests across three domains. Business tier at €79 per month covers 750,000 requests across twenty-five domains with priority support. Enterprise pricing is custom and includes a dedicated account manager.

Built by national cyber defence operators

TrustSig is built by former NATO CCDCOE exercise managers, the team behind Locked Shields and Crossed Swords — the world's largest live-fire cyber exercises. The same operational grade now defends WordPress sites against automated fraud and bot abuse.