Version 2.5 of the free plugin was released this morning.
- Interstitial consent gate before session creation — no API call on page load, eliminating passive bot session consumption
- Biometric consent checkbox serves as explicit user consent capture (supports BIPA/CIPA compliance requirements)
- HMAC-signed timing gate rejects automated interactions faster than 1 second after page render
- Visitor IP address now passed to the API for per-IP rate limiting (CF-Connecting-IP with REMOTE_ADDR fallback)
- Verification UI dynamically rendered after consent via AJAX — same QR code, popup, and polling functionality
- Added FAQ about wp-content/uploads limitation
