CommVatar – Custom Avatars, Captcha & Comment Socialiser

CommVatar – Custom Avatars, Captcha & Comment Socialiser transforms your WordPress comment section into a thriving social engagement hub. Go beyond the default comment system with custom avatars, activity feeds, gamification badges, and intelligent spam protection.

Core Features

• Custom Avatar Uploads — Let users upload and crop their own comment avatars with an integrated image cropper
• Comment History Hub — Users can view and navigate all their past comments from a single panel
• Role-Based Gamification Badges — Automatic badges for Admins, Moderators, Post Authors, Top Commenters, Most Loved, and New Members
• Reddit-Style Voting — Like/Dislike system with IP-based duplicate vote prevention
• Top Commenters Widget — Sidebar widget showing your most active community members with medals
• Community Moderation — Users can flag inappropriate comments for admin review
• Rich Text Editor — Replace the plain textarea with a TinyMCE-powered comment editor
• Image Attachments — Allow users to attach images to their comments with a lightbox viewer

Spam Defense Layer

• 6 CAPTCHA Providers — Math, Word, Google reCAPTCHA v2, reCAPTCHA v3, hCaptcha, Cloudflare Turnstile
• Invisible Honeypot Traps — Catch bots without user interaction
• Time-Based Traps — Detect suspiciously fast form submissions
• AI-Powered NSFW Filter — Sightengine integration blocks explicit image uploads
• AJAX-Driven CAPTCHAs — Bypass page caching for always-fresh challenges

WooCommerce Compatible

CAPTCHA protection extends to WooCommerce login, registration, and lost password forms.

Dashboard Analytics

• Live spam interception feed with IP tracking
• 7-day engagement chart (comments vs spam)
• Community moderation queue with one-click actions

Third-Party Services

This plugin connects to external third-party services under specific conditions. No data is sent to any external service unless the site administrator explicitly enables the feature and provides API keys. All connections use the WordPress HTTP API.

1. Sightengine — AI Image Moderation

• What it does: Scans uploaded avatar and comment attachment images for NSFW, violent, or explicit content using AI models.
• When it’s used: Only when the administrator enables “NSFW Image Filter” in plugin settings AND provides Sightengine API credentials.
• Data sent: The uploaded image file (binary), API user ID, API secret key.
• Service URL: https://api.sightengine.com/1.0/check.json
• Provider: Sightengine
• Terms of Service: https://sightengine.com/policies/terms
• Privacy Policy: https://sightengine.com/policies/privacy

2. Google reCAPTCHA (v2 and v3)

• What it does: Protects forms (comments, login, registration, lost password) from spam and abuse using Google’s reCAPTCHA challenge system.
• When it’s used: Only when the administrator selects “reCAPTCHA v2” or “reCAPTCHA v3” as the CAPTCHA provider AND provides Google API keys.
• Data sent: User interaction token, secret key, client IP address (sent server-side for verification).
• Service URLs:
  • Widget: https://www.google.com/recaptcha/api.js
  • Verification: https://www.google.com/recaptcha/api/siteverify
• Provider: Google
• Terms of Service: https://policies.google.com/terms
• Privacy Policy: https://policies.google.com/privacy

3. Cloudflare Turnstile

• What it does: Provides a privacy-focused CAPTCHA alternative to protect forms from bots.
• When it’s used: Only when the administrator selects “Turnstile” as the CAPTCHA provider AND provides Cloudflare API keys.
• Data sent: User interaction token, secret key (sent server-side for verification).
• Service URLs:
  • Widget: https://challenges.cloudflare.com/turnstile/v0/api.js
  • Verification: https://challenges.cloudflare.com/turnstile/v0/siteverify
• Provider: Cloudflare
• Terms of Service: https://www.cloudflare.com/terms/
• Privacy Policy: https://www.cloudflare.com/privacypolicy/

4. hCaptcha

• What it does: Provides a privacy-respecting CAPTCHA service to protect forms from automated abuse.
• When it’s used: Only when the administrator selects “hCaptcha” as the CAPTCHA provider AND provides hCaptcha API keys.
• Data sent: User interaction token, secret key (sent server-side for verification).
• Service URLs:
  • Widget: https://hcaptcha.com/1/api.js
  • Verification: https://hcaptcha.com/siteverify
• Provider: hCaptcha (Intuition Machines, Inc.)
• Terms of Service: https://www.hcaptcha.com/terms
• Privacy Policy: https://www.hcaptcha.com/privacy