![]() |
Summary | Know what’s human in your Discourse forum - hardware-backed verification to distinguish human intent from automation |
![]() |
Repository Link | https://github.com/humanmark/discourse-humanmark |
![]() |
Install Guide | How to install plugins in Discourse |
Features
Know What’s Human - Distinguish human intent from automation:
- Verify human presence before creating posts, topics, or private messages
- Hardware-backed verification using secure device authentication (fingerprint/face recognition, device passcode)
- No puzzles or behavioral tracking
- Support for anonymous users and Discourse’s anonymous mode
Smart Bypass Rules - Balance security with user experience:
- Skip verification for staff members and trusted users
- Set trust level thresholds for automatic bypass
- Configure reverification periods per content type (posts/topics/messages)
- Maintain smooth experience for established community members
Privacy-First:
- Zero data retention - completely stateless verification
- No accounts or personal information required
- Instant verification takes just seconds
Advanced Integration:
- Comprehensive rate limiting (per-user and per-IP)
- Four admin reports for monitoring verification metrics
- Event-driven architecture
- Dynamic enabling/disabling without server restart
Configuration
-
Get your API credentials:
- Visit humanmark.dev to learn more
- Contact sales@humanmark.io for beta access
- We’re looking for select Discourse communities to participate in our beta program
-
Install the plugin:
# In your app.yml hooks: after_code: - exec: cd: $home/plugins cmd: - git clone https://github.com/humanmark/discourse-humanmark
Then rebuild:
./launcher rebuild app
-
Configure in Admin Panel:
- Navigate to Admin → Settings → Plugins → Humanmark
- Enter your API credentials and domain
- Choose which actions require verification (posts, topics, messages)
- Set bypass rules for staff and trust levels
- Enable the plugin (takes effect immediately, no restart needed)
-
Monitor with Admin Reports:
- Navigate to Admin → Reports
- Search for “humanmark” to see verification metrics
- Track activity, success rates, bypasses, and rate limits
Settings
Name | Description |
---|---|
API Configuration | |
humanmark_enabled |
Master on/off switch for the plugin |
humanmark_api_key |
Your public API key from Humanmark dashboard |
humanmark_api_secret |
Your private API secret (keep secure!) |
humanmark_domain |
Verification domain (must be allowlisted in your Humanmark account) |
Protection Settings | |
humanmark_protect_posts |
Require verification for post creation |
humanmark_protect_topics |
Require verification for new topics |
humanmark_protect_messages |
Require verification for private messages |
Bypass Settings | |
humanmark_bypass_staff |
Staff members skip verification |
humanmark_bypass_trust_level |
Minimum trust level to bypass (0-5, use 5 for no bypass) |
Rate Limiting | |
humanmark_max_challenges_per_user_per_minute |
Per-user minute limit (1-20, default: 3) |
humanmark_max_challenges_per_user_per_hour |
Per-user hourly limit (1-100, default: 15) |
humanmark_max_challenges_per_ip_per_minute |
Per-IP minute limit (1-50, default: 10) |
humanmark_max_challenges_per_ip_per_hour |
Per-IP hourly limit (1-500, default: 50) |
Reverification Periods | |
humanmark_reverify_period_posts |
Minutes before re-verification needed for posts (0-10080, default: 30) |
humanmark_reverify_period_topics |
Minutes before re-verification needed for topics (0-10080, default: 0) |
humanmark_reverify_period_messages |
Minutes before re-verification needed for messages (0-10080, default: 60) |
Other Settings | |
humanmark_theme |
Widget appearance (light/dark/auto) |
humanmark_flow_retention_days |
Days to keep verification records (1-365, default: 30) |
humanmark_debug_mode |
Log sensitive debug information (default: false) |
Note: Currently in beta - select Discourse communities receive an increased allotment of verifications in the free tier. See humanmark.dev/pricing for pricing details.