Transcom Group Veritus

WordPress

WordPress integration is simplest via the JS widget — no plugin needed.

Method 1 — Add via theme functions.php

Adds the widget to every WordPress page; safe because Veritus only activates when it finds your specific form selector. 

// In your theme's functions.php
add_action('wp_footer', function() {
    $form_uuid = 'YOUR-FORM-UUID';   // from /dashboard/forms/<id>
    ?>
    <script src="https://api.veritus.uk/v1/widget.js"></script>
    <script>
      if (document.getElementById('wpforms-form-123')) {
        Veritus.protect({
          form: '#wpforms-form-123',
          formUuid: '<?php echo esc_js($form_uuid); ?>',
          onBlock: () => alert('Unable to submit; please contact us.'),
        });
      }
    </script>
    <?php
});

Method 2 — Custom HTML block (Gutenberg)

Edit the page containing your signup form. Add a "Custom HTML" block below it: 

<script src="https://api.veritus.uk/v1/widget.js"></script>
<script>
  Veritus.protect({
    form: '#your-form-selector',
    formUuid: 'YOUR-FORM-UUID',
  });
</script>

Compatibility notes

  • WPForms: form IDs are like #wpforms-form-123. Find yours by inspecting the page.
  • Contact Form 7: form selector is .wpcf7-form. Use class selector instead of id.
  • WooCommerce checkout: don't use the widget here — use server-side calls during the wp_login or user_register hook instead.
  • Gravity Forms: selector is #gform_N where N is the form id.

PHP plugin alternative

If you prefer scoring server-side from WordPress (no JS dependency): 

// On the user_register action
add_action('user_register', function($user_id) {
    $user = get_userdata($user_id);

    $ch = curl_init('https://api.veritus.uk/v1/score');
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => [
            'Authorization: Bearer ' . VERITUS_API_KEY,
            'Content-Type: application/json',
        ],
        CURLOPT_POSTFIELDS => json_encode([
            'signup' => [
                'email' => $user->user_email,
                'ip'    => $_SERVER['REMOTE_ADDR'],
            ],
        ]),
    ]);
    $resp = json_decode(curl_exec($ch), true);

    if ($resp['verdict'] === 'block') {
        // Remove the just-created user
        require_once(ABSPATH . 'wp-admin/includes/user.php');
        wp_delete_user($user_id);
        wp_die('Sign-up not permitted.');
    } elseif ($resp['verdict'] === 'review') {
        update_user_meta($user_id, 'veritus_pending_review', 1);
    }
});
Found a typo or have a suggestion? Let us know.