HandOff

Detailed Documentation

Effort That Can Be Stolen in Seconds

Right-click. Ctrl+C. Ctrl+U. A few seconds, and the content you produced with effort is published on another site. Content theft is one of the biggest pain points for bloggers — content you spent hours, days creating gets duplicated for free.

HandOff makes those attempts harder, deters them, and documents them. Total prevention is technically impossible — we say this openly. This is a deterrence layer.

The Deterrence Layer: Block + Document

HandOff handles two core jobs:

• Deterrence: The right-click menu is disabled. Ctrl+C, Ctrl+U, and Ctrl+S keyboard combinations are intercepted. Text selection is disabled (in content areas). Drag-and-drop image copying is blocked.
• Documentation: Every violation attempt is recorded in the wp_handoff_logs table. Which IP, which page, which type of violation — all of it.

A technically savvy attacker can bypass these blocks (developer tools, view-source, web scrapers). But HandOff logs that too — the attacker's attempt is documented and can be used as evidence in legal proceedings.

Server-Side Admin Bypass

A critical feature of HandOff: admin users are automatically exempt from all restrictions. Users with the manage_options capability can copy normally and view source.

This check happens server-side — through WordPress's current_user_can() function. Such bypasses done via JavaScript can be easily defeated; HandOff eliminates that risk through server-side validation.

Hall of Violations: Violation Logging Panel

The Violations tab in the admin panel shows you the last 7 days of violation statistics:

• Total violation count (daily/weekly)
• The IP addresses with the most attempts
• Violation type distribution (right-click vs Ctrl+C vs Ctrl+U)
• Page-level violation heatmap — which content is targeted most
• Hour-based distribution — peak attack times

All logs can be exported as CSV. This is admissible as evidence in copyright infringement litigation.

Performance

HandOff's client-side script is written in vanilla JavaScript — there is no jQuery dependency. The minified size is under 20KB. It loads with the defer attribute and does not block page render. Performance is identical on mobile and desktop.

Per-Post Rule Exceptions

You can disable HandOff for specific posts. For example: in your technical posts containing code samples, you can disable HandOff for those posts so users can copy code. Per-post override is one click in the admin panel.

Full Security Together With Hidden Door

HandOff provides content security — Hidden Door provides login security. Together they close both major attack surfaces of your site. While Hidden Door blocks unauthorized logins, HandOff documents unauthorized content copying.

Honest Disclosure: Total Protection Is Impossible

We tell you openly when selling HandOff: we cannot fully protect content. No plugin can. View-source, screenshots, OCR, browser developer tools — none of these technologies can be fully blocked.

But HandOff stops casual users (95% of content copying attempts). The remaining 5% of technically skilled attackers are documented — providing defense in legal proceedings. This is a realistic level of protection.

Compliance Notes

• ISO 27001:2022 — A.5.32: Intellectual property rights. Violation logging supports this control.
• ISO 27001:2022 — A.8.16: Logging. Hall of Violations.
• COBIT 2019 — DSS06: Business process control management.