I am Human Security & Risk Analysis
wordpress.org/plugins/i-am-humanA customisable human detection plugin, that isn't annoying. Seriously.
Is I am Human Safe to Use in 2026?
Generally Safe
Score 85/100I am Human has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "i-am-human" v1.2 plugin exhibits a mixed security posture. On the positive side, it demonstrates a commitment to secure database interactions by exclusively using prepared statements for its SQL queries and does not appear to make external HTTP requests. The absence of known vulnerabilities in its history is also a positive indicator. However, significant concerns arise from the static analysis. A notable portion of the plugin's attack surface, specifically one AJAX handler, lacks any authentication checks, presenting a direct entry point for potential attackers. Furthermore, the analysis reveals a complete absence of output escaping for all detected outputs, which is a critical vulnerability that can lead to Cross-Site Scripting (XSS) attacks. The presence of unsanitized paths in the taint analysis, although not classified as critical or high severity in this instance, warrants attention as it indicates a potential for path traversal vulnerabilities.
Key Concerns
- AJAX handler without authentication checks
- 0% of outputs properly escaped
- Flows with unsanitized paths
- No nonce checks on AJAX entry points
I am Human Security Vulnerabilities
I am Human Code Analysis
Output Escaping
Data Flow Analysis
I am Human Attack Surface
AJAX Handlers 1
WordPress Hooks 8
Maintenance & Trust
I am Human Maintenance & Trust
Maintenance Signals
Community Trust
I am Human Alternatives
CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7
contact-form-7-honeypot
Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.
Spam protection, Honeypot, Anti-Spam by CleanTalk
cleantalk-spam-protect
Blocks spam comments, fake users, contact form spam and more. No impact on SEO. Privacy focused. CAPTCHA free, premium Antispam plugin.
ReCaptcha v2 for Contact Form 7
wpcf7-recaptcha
Adds reCaptcha v2 from Contact Form 7 5.0.5 that was dropped on Contact Form 7 5.1
CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress
advanced-nocaptcha-recaptcha
Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.
Captcha Code
captcha-code-authentication
GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.
I am Human Developer Profile
2 plugins · 30 total installs
How We Detect I am Human
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/i-am-human/css/grid_styles.css/wp-content/plugins/i-am-human/js/iamhuman.js/wp-content/plugins/i-am-human/js/iamhuman.jsi-am-human/js/iamhuman.js?ver=HTML / DOM Fingerprints
iamhuman_gridiamhuman_messagecolour_bgcolour_onecolour_twocell_mouse_over Remember this is only displayed for users that are not logged in. NOTE: The answer field exists within the form because the validation occurs twice; once when the user clicks "check" via AJAX, and the second when the form is actually processed on the server. +2 moreid="iamhuman_container"title=""id="iamhuman_dialog_contents"id="iamhuman_description"id="iamhuman_grid"class='iamhuman_grid'+6 moreiamhuman_mainiamhuman_gridiamhuman_messagecolour_bgcolour_onecolour_two+16 more/wp-json/<div id='iamhuman_container' style='display: none' title=''> ... </div><input id="iamhuman_answer" name="iamhuman_answer" type="hidden" value="" />