Block Transparency
Block Transparency shows exactly why a request was blocked — not just that it was blocked. This feature provides detailed reason codes, score breakdowns, and actionable explanations for every blocked submission.
Reason Codes
Every blocked or suspicious request is tagged with one or more reason codes that explain which behavioral signals triggered the block.
| Code | Description | Action |
|---|---|---|
| FAST_TYPING | Characters were typed too fast for a human. Average inter-key interval below the natural threshold. | Legitimate fast typists can solve a CAPTCHA challenge to prove they are human. |
| NO_KEY_VARIANCE | All keystrokes had identical timing. Natural typing always has variation in speed. | This is a strong bot indicator. Automated tools paste text with zero variance. |
| SHORT_KEY_DWELL | Keys were released too quickly. Humans hold keys for a few milliseconds; automated tools release instantly. | Often seen with keyboard macro tools or browser automation. |
| NO_TYPING_PAUSES | No natural pauses between words or sentences. Humans pause while thinking or reading. | Indicates the form was filled in one continuous burst — typical for automated scripts. |
| LINEAR_MOUSE_PATH | Mouse moved in perfectly straight lines. Human mouse movement has natural curves and jitter. | Automation frameworks like Selenium or Puppeteer produce linear paths by default. |
| ABNORMAL_MOUSE_SPEED | Mouse moved at an unnatural speed — either impossibly fast or perfectly constant. | Real mouse movement has acceleration and deceleration patterns. |
| NO_MOUSE_MOVEMENT | No mouse movement was detected at all during the session. | Mobile users legitimately have no mouse. This code is weighted lower on mobile devices. |
| NO_FOCUS_EVENTS | The page was never focused or the tab was not visible during form filling. | Headless browsers often don't trigger focus events correctly. |
| MISSING_BROWSER_FEATURES | Expected browser APIs are missing or return unexpected values. | Headless browsers and automation tools often lack WebGL, AudioContext, or Canvas support. |
| INCONSISTENT_CAPABILITIES | The reported browser capabilities don't match the User-Agent string. | Bot operators often spoof User-Agent but forget to match browser features. |
| NO_FINGERPRINTS | No browser fingerprints could be collected (Canvas, WebGL, AudioContext). | May indicate a headless browser or very aggressive privacy settings. |
| FINGERPRINT_BLACKLISTED | The browser fingerprint hash matches a known bot fingerprint in the blocklist. | The fingerprint was previously identified as belonging to an automated tool. |
| DATACENTER_IP | The request originated from a known datacenter IP range (AWS, GCP, Azure, etc.). | Legitimate users rarely browse from datacenter IPs. VPN users may trigger this. |
Score Breakdown
Each request receives a composite score (0.0–1.0) built from 7 sub-scores. The dashboard shows the breakdown so you can understand which category triggered a low score.
| Category | Description | Weight |
|---|---|---|
| Keyboard | Typing speed, inter-key intervals, and dwell time patterns. | 30% |
| Pause | Natural pauses between words and sentences during typing. | 20% |
| Mouse | Mouse movement entropy, path curvature, and click patterns. | 20% |
| Speed | Mouse movement speed distribution and acceleration patterns. | 5% |
| Context | Page focus, tab visibility, and interaction timing. | 10% |
| Scroll | Scroll behavior and page interaction depth. | 5% |
| Capabilities | Browser feature consistency and fingerprint verification. | 10% |
Block Log
The Block Log tab shows a paginated list of all blocked and suspicious requests. Each entry includes the timestamp, verdict, score, reason codes, page path, and country. Click any row to open the detail drawer with the full score breakdown.
- Timestamp — when the request was received
- Verdict — bot (red) or suspicious (amber)
- Score — the composite behavior score
- Reasons — the triggered reason codes as badges
- Page — which page the form was on
- Country — geo-location of the visitor
Score Distribution
The Score Distribution tab shows a histogram of all behavior scores. Bars are color-coded: green (≥ 0.7, human), amber (0.4–0.7, suspicious), red (< 0.4, bot). A healthy site shows most requests in the green zone.
Interpretation
If you see a large number of requests in the red zone, your site may be under active bot attack. Use Security Policies to configure automatic blocking thresholds.
WordPress Plugin Analytics
The WordPress plugin includes a built-in Analytics page (SilentShield → Analytics) that shows block statistics directly in your WordPress admin. Enable 'Detailed Tracking' in Extended Settings to start collecting data.
- Overview cards: Blocked Today, This Week, This Month, Block Rate
- Timeline chart showing blocks per day
- Breakdown by protection module (Timer, Honeypot, Captcha, IP Ban, etc.)
- Reason code frequency table
- Paginated block log with detail drawer
- Score breakdown for API-mode blocks (shows SilentShield sub-scores)
Standalone Mode
In standalone mode (without SilentShield API), the plugin logs which protection module blocked the request (e.g., SUBMIT_TOO_FAST, HONEYPOT_FILLED, CAPTCHA_WRONG) with human-readable explanations.
API Mode
In API mode, the plugin additionally logs the SilentShield reason codes (FAST_TYPING, NO_MOUSE_MOVEMENT, etc.), the behavior score, and the full score breakdown when 'Detailed Tracking' is enabled.
Privacy
Block logs never contain personally identifiable information. IP addresses are stored as SHA-256 hashes. No User-Agent strings are logged. Data is automatically deleted after the configured retention period (default: 30 days).