Humanmark for Discourse - Hardware-Backed Humanity Verification

:information_source: Summary Know what’s human in your Discourse forum - hardware-backed verification to distinguish human intent from automation
:hammer_and_wrench: Repository Link https://github.com/humanmark/discourse-humanmark
:open_book: Install Guide How to install plugins in Discourse

verification-flow

Features

Know What’s Human - Distinguish human intent from automation:

  • Verify human presence before creating posts, topics, or private messages
  • Hardware-backed verification using secure device authentication (fingerprint/face recognition, device passcode)
  • No puzzles or behavioral tracking
  • Support for anonymous users and Discourse’s anonymous mode

Smart Bypass Rules - Balance security with user experience:

  • Skip verification for staff members and trusted users
  • Set trust level thresholds for automatic bypass
  • Configure reverification periods per content type (posts/topics/messages)
  • Maintain smooth experience for established community members

Privacy-First:

  • Zero data retention - completely stateless verification
  • No accounts or personal information required
  • Instant verification takes just seconds

Advanced Integration:

  • Comprehensive rate limiting (per-user and per-IP)
  • Four admin reports for monitoring verification metrics
  • Event-driven architecture
  • Dynamic enabling/disabling without server restart

Configuration

  1. Get your API credentials:

    • Visit humanmark.dev to learn more
    • Contact sales@humanmark.io for beta access
    • We’re looking for select Discourse communities to participate in our beta program
  2. Install the plugin:

    # In your app.yml
    hooks:
      after_code:
        - exec:
            cd: $home/plugins
            cmd:
              - git clone https://github.com/humanmark/discourse-humanmark
    

    Then rebuild: ./launcher rebuild app

  3. Configure in Admin Panel:

    • Navigate to Admin → Settings → Plugins → Humanmark
    • Enter your API credentials and domain
    • Choose which actions require verification (posts, topics, messages)
    • Set bypass rules for staff and trust levels
    • Enable the plugin (takes effect immediately, no restart needed)
  4. Monitor with Admin Reports:

    • Navigate to Admin → Reports
    • Search for “humanmark” to see verification metrics
    • Track activity, success rates, bypasses, and rate limits

Settings

Name Description
API Configuration
humanmark_enabled Master on/off switch for the plugin
humanmark_api_key Your public API key from Humanmark dashboard
humanmark_api_secret Your private API secret (keep secure!)
humanmark_domain Verification domain (must be allowlisted in your Humanmark account)
Protection Settings
humanmark_protect_posts Require verification for post creation
humanmark_protect_topics Require verification for new topics
humanmark_protect_messages Require verification for private messages
Bypass Settings
humanmark_bypass_staff Staff members skip verification
humanmark_bypass_trust_level Minimum trust level to bypass (0-5, use 5 for no bypass)
Rate Limiting
humanmark_max_challenges_per_user_per_minute Per-user minute limit (1-20, default: 3)
humanmark_max_challenges_per_user_per_hour Per-user hourly limit (1-100, default: 15)
humanmark_max_challenges_per_ip_per_minute Per-IP minute limit (1-50, default: 10)
humanmark_max_challenges_per_ip_per_hour Per-IP hourly limit (1-500, default: 50)
Reverification Periods
humanmark_reverify_period_posts Minutes before re-verification needed for posts (0-10080, default: 30)
humanmark_reverify_period_topics Minutes before re-verification needed for topics (0-10080, default: 0)
humanmark_reverify_period_messages Minutes before re-verification needed for messages (0-10080, default: 60)
Other Settings
humanmark_theme Widget appearance (light/dark/auto)
humanmark_flow_retention_days Days to keep verification records (1-365, default: 30)
humanmark_debug_mode Log sensitive debug information (default: false)

Note: Currently in beta - select Discourse communities receive an increased allotment of verifications in the free tier. See humanmark.dev/pricing for pricing details.

4 Likes