Title: Redeyed Sentinel
Author: Bruted
Published: <strong>Hulyo 16, 2026</strong>
Last modified: Hulyo 17, 2026

---

Search plugins

![](https://ps.w.org/redeyed-sentinel/assets/icon-256x256.png?rev=3610909)

# Redeyed Sentinel

 By [Bruted](https://profiles.wordpress.org/bruted/)

[Download](https://downloads.wordpress.org/plugin/redeyed-sentinel.1.0.5.zip)

 * [Details](https://ceb.wordpress.org/plugins/redeyed-sentinel/#description)
 * [Reviews](https://ceb.wordpress.org/plugins/redeyed-sentinel/#reviews)
 *  [Installation](https://ceb.wordpress.org/plugins/redeyed-sentinel/#installation)
 * [Development](https://ceb.wordpress.org/plugins/redeyed-sentinel/#developers)

 [Support](https://wordpress.org/support/plugin/redeyed-sentinel/)

## Description

Redeyed Sentinel is a free, self-hosted-friendly CAPTCHA and IP-reputation service
for WordPress. It protects the forms bots love most — login, registration, lost-
password and comments — without tracking your visitors or slowing your site down,
and can log every blocked attempt so you can see it working.

The plugin is **free to install and does nothing until you enter your keys**. With
no Site Key and Secret Key configured, Sentinel stays completely inert: no widget
is rendered, no requests are made, and your forms behave exactly as before.

**What you get**

 * Drop-in CAPTCHA widget on the WordPress login, registration, lost-password and
   comment forms.
 * Server-side verification on submission — tokens are checked against Sentinel 
   using your site’s Secret Key, which is never exposed in page markup.
 * Block log — optionally record every blocked attempt (form, IP, outcome, score,
   time) and review it under Settings  Sentinel Log.
 * Fail-open by design: if your keys are missing the plugin will not block anyone,
   and an admin notice reminds you that Sentinel is inactive.
 * Simple settings screen under Settings  Sentinel with per-form on/off switches.
 * Optional widget customization — set a site-wide widget type, theme, colour scheme,
   minimum difficulty, width and form key. Every field is optional and off by default.
 * Lightweight: one small async script, loaded only on the pages where a protected
   form appears.

**Privacy**

Your Secret Key is sent only from your server to the Sentinel verification endpoint(`/
sentinel/siteverify`). It is never printed in HTML. The public Site Key is the only
key that appears on the page, which is exactly what it is designed for.

## Installation

 1. Upload the `redeyed-sentinel` folder to the `/wp-content/plugins/` directory, or
    install the plugin through the **Plugins  Add New** screen in WordPress.
 2. Activate the plugin through the **Plugins** screen. The plugin is installed free
    and is inactive until you add your keys.
 3. Go to **Settings  Sentinel**.
 4. In the Redeyed Lab, open **Sentinel  Sites**, create a site, and copy its **Site
    Key** and **Secret Key** (the Secret Key is shown once).
 5. Paste the **Site Key** and **Secret Key** into the plugin settings.
 6. (Optional) Change the **Base URL** only if you run a self-hosted Sentinel deployment.
    The default is `https://redeyed.com`.
 7. Tick the forms you want to protect — **Login**, **Registration**, and/or **Comments**—
    and save.
 8. (Optional) Fill in any of the **Widget Customization** fields to change how the
    widget looks and behaves.

That’s it. Sentinel activates the moment both keys are present and at least one 
form is enabled.

## FAQ

### Does the plugin do anything before I enter my keys?

No. Without both a Site Key and a Secret Key, Sentinel is completely inert. No widget
is rendered and no verification requests are made. It is safe to install and leave
unconfigured.

### Where do I get my keys?

Both keys come from the Redeyed Lab  **Sentinel  Sites**. Each site has a public**
Site Key** (renders the widget) and a private **Secret Key** (used only server-side
to verify). The Secret Key is shown once when you create the site — copy it then.

### Is my Secret Key exposed on the page?

Never. The Secret Key is sent only from your server to the Sentinel verification
endpoint (`/sentinel/siteverify`). It is never written into your HTML and is never
displayed back on the settings screen once saved.

### What happens if Sentinel can’t be reached when someone submits a form?

If the verification request fails or the token is missing while Sentinel is configured,
that submission is blocked. If your keys are not configured at all, the plugin fails
open and never blocks a submission.

### Can I use this with a self-hosted Sentinel instance?

Yes. Change the **Base URL** on the settings screen to point at your own Sentinel
deployment.

### Which forms are supported?

The WordPress login form, the user registration form, and the comment form. Each
can be enabled independently.

### Can I customize how the widget looks?

Yes. The **Widget Customization** section of Settings  Sentinel adds six optional,
site-wide defaults, each rendered as a `data-*` attribute on the widget only when
you set it:

 * **Widget type** (`data-widget`) — e.g. `behavioral`, `checkbox`, `press_hold`,`
   image_pick`.
 * **Theme** (`data-theme`) — `auto`, `light` or `dark`.
 * **Colour scheme** (`data-scheme`) — a Sentinel colour-scheme name.
 * **Difficulty** (`data-difficulty`) — `easy`, `medium`, `hard`, `max`, or `1`–`
   6`.
 * **Width** (`data-width`) — e.g. `full`, `100%` or `340px`.
 * **Form key** (`data-form`) — an optional form identifier passed to the widget.

Every field is optional; leave any blank to use the Sentinel default. **Difficulty
only raises the challenge** — it sets a minimum strength above the adaptive baseline,
and a risky visitor is always challenged hard regardless. With Theme = `dark` and
Difficulty = `hard` the widget renders as `<div class="sentinel-captcha" data-sitekey
="…" data-theme="dark" data-difficulty="hard"></div>`.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Redeyed Sentinel” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ Bruted ](https://profiles.wordpress.org/bruted/)

[Translate “Redeyed Sentinel” into your language.](https://translate.wordpress.org/projects/wp-plugins/redeyed-sentinel)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/redeyed-sentinel/),
check out the [SVN repository](https://plugins.svn.wordpress.org/redeyed-sentinel/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/redeyed-sentinel/)
by [RSS](https://plugins.trac.wordpress.org/log/redeyed-sentinel/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.5

 * Added **Lost Password** form protection (with its own on/off toggle), alongside
   login, registration and comments.
 * Added a **Block Log**: optionally record every blocked attempt (form, IP, outcome,
   score, time) and review or clear it under **Settings  Sentinel Log**. Toggle 
   it under Protected Forms; the table is created on activation and removed on uninstall.

#### 1.0.4

 * Added widget **Width** option (`data-width`) and **Form** key (`data-form`) to
   the Widget Customization section. Both are optional and render as `data-*` attributes
   only when set.

#### 1.0.3

 * Fixed: the captcha could show “Verified” but the form still failed. Verification
   now sends the visitor’s real IP (`remoteip`, proxy/CDN-aware) so it matches the
   IP that solved the challenge.

#### 1.0.2

 * Added optional widget customization: **Widget type**, **Theme**, **Colour scheme**
   and **Difficulty** settings, rendered as `data-widget` / `data-theme` / `data-
   scheme` / `data-difficulty`. Difficulty only _raises_ challenge strength above
   the adaptive baseline.

#### 1.0.1

 * Verification now uses the site’s **Secret Key** against the public `/sentinel/
   siteverify` endpoint — no developer API key required.
 * Renamed the “API Key” setting to “Secret Key” to match the keys shown in the 
   Lab.

#### 1.0.0

 * Initial release.
 * CAPTCHA rendering and server-side verification for login, registration and comment
   forms.
 * Settings screen with Site Key, Secret Key, Base URL and per-form toggles.
 * Fail-open behaviour and admin notice when keys are missing.

## Meta

 *  Version **1.0.5**
 *  Last updated **2 days ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 5.8 or higher **
 *  Tested up to **7.0.2**
 *  PHP version ** 7.4 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/redeyed-sentinel/)
 * Tags
 * [captcha](https://ceb.wordpress.org/plugins/tags/captcha/)[comments](https://ceb.wordpress.org/plugins/tags/comments/)
   [login](https://ceb.wordpress.org/plugins/tags/login/)[security](https://ceb.wordpress.org/plugins/tags/security/)
   [spam](https://ceb.wordpress.org/plugins/tags/spam/)
 *  [Advanced View](https://ceb.wordpress.org/plugins/redeyed-sentinel/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/redeyed-sentinel/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/redeyed-sentinel/reviews/)

## Contributors

 *   [ Bruted ](https://profiles.wordpress.org/bruted/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/redeyed-sentinel/)