內容簡介
### 總結
Anti Browser DDoS Protection 外掛提供強大的保護,防範 WordPress 網站遭受 DoS 攻擊。這個外掛通過 IP 位址限速,可設定訂閱者、非登入使用者和經驗證的機器人的設定,同時排除管理員和其他非訂閱者角色。該外掛具備先進的機器人偵測功能,能識別並限制可疑機器人,也可即時根據 User Agent 封鎖惡意機器人,並支持 Cloudflare 以準確檢測客戶 IP 位址。靜態資源(如 CSS、JS、圖片)被排除以維持網站效能。直觀的管理面板讓您調整限速、機器人排除、信任的機器人 IP 範圍(自動刪除重複項目)、依 User Agent 封鎖機器人、日誌到期設定以及查看封鎖 IP 位址、禁止 IP 位址和高流量機器人的日誌,日誌每 30 秒自動更新,所有日誌具有 User Agent 詳細資訊和時間戳。您可以將排除機器人、機器人 IP 範圍和封鎖機器人清單匯出為 .txt 檔案,並匯入新條目以追加到現有清單,不重覆。
### 問題與答案
1. Anti Browser DDoS Protection 外掛的主要特點是什麼?
- 基於 IP 位址進行訂閱者和非登入使用者的限速
- 排除非訂閱者登入使用者(如管理員、編輯)
- 先進的機器人偵測功能,識別可疑機器人
- 即時根據 User Agent 封鎖惡意機器人
- 支援 Cloudflare 以準確檢測客戶 IP 位址
2. 這個外掛如何支援機器人管理?
- 可設定排除已驗證的機器人的限速
- 記錄超出此限制的機器人
- 追踪超出請求的已驗證機器人
3. 請問管理面板提供哪些配置設置?
- 最大請求、時間範圍、排除機器人、信任的機器人 IP 範圍等
- 封鎖機器人(User Agents)、禁止前封鎖、封鎖持續時間、高流量機器人限制等
- 日誌到期日設定
4. 如何匯出和匯入清單?
- 可將排除機器人、機器人 IP 範圍和封鎖機器人清單匯出為 .txt 檔案以供備份或轉移
- 可匯入 .txt 檔案以追加新條目到現有清單,會自動去除重複項
5. 如何顯示統計數據?
- 在管理面板上方顯示每日阻擋 IP 位址、禁止 IP 位址和高流量機器人的直條圖,以便於視覺化統計
這些問題和答案可幫助用戶更深入了解 Anti Browser DDoS Protection 外掛的功能和特點。
外掛標籤
開發者團隊
原文外掛簡介
The Anti Browser DDoS Protection plugin provides robust protection against denial-of-service (DoS) attacks on your WordPress site. It implements IP-based rate limiting, with configurable settings for subscribers, non-logged-in users, and verified bots, while excluding administrators and other non-subscriber roles. It features advanced bot detection to identify and limit suspicious bots, immediate blocking of malicious bots by User Agent, and supports Cloudflare for accurate client IP detection. Static assets (e.g., CSS, JS, images) are excluded to maintain site performance. An intuitive admin panel allows you to configure rate limits, bot exclusions, trusted bot IP ranges (with automatic duplicate removal), blocked bots by User Agent, log expiration settings, and view logs for blocked IPs, banned IPs, and high traffic bots with auto-refresh every 30 seconds, all with User Agent details and timestamps. You can export Excluded Bots, Bot IP Ranges, and Blocked Bots lists to .txt files and import new entries to append to existing lists without duplicates. Daily bar charts for Blocked IPs, Banned IPs, and High Traffic Bots are displayed above the logs for quick visual insights.
Key Features:
Rate limiting based on IP for subscribers and non-logged-in users, with configurable maximum requests and time window.
Excludes non-subscriber logged-in users (e.g., administrators, editors) from rate limiting.
Advanced bot detection to identify suspicious bots (bots using trusted User Agents but from unverified IPs).
Suspicious bots are subject to the same rate limiting as regular users and logged with User Agent in the Blocked IPs Log.
Immediate blocking of malicious bots by User Agent (e.g., MJ12bot, SemrushBot, DotBot by default) with customizable settings and logging.
Configurable rate limiting for verified excluded bots (default: 100 requests per minute), with logging for bots exceeding this limit.
High Traffic Excluded Bots Log to track verified bots with excessive requests, including IP, User Agent, and timestamp.
Admin panel to configure maximum requests, time window, excluded bots, trusted bot IP ranges, blocked bots (User Agents), blocks before ban, ban duration, high traffic bot limits, and log expiration (days).
Export Excluded Bots, Bot IP Ranges, and Blocked Bots lists to .txt files for backup or transfer.
Import .txt files for Excluded Bots, Bot IP Ranges, and Blocked Bots to append new entries to existing lists, with automatic duplicate removal.
Automatic removal of duplicate IP ranges in the Bot IP Ranges field on save, keeping the first occurrence.
Support for Cloudflare real IP detection using CF-Connecting-IP and X-Forwarded-For headers.
Excludes static assets (CSS, JS, images, fonts, etc.) from rate limiting to optimize performance.
Logs blocked IPs, banned IPs, and high traffic bots with IP, User Agent, and timestamps using the WordPress timezone, viewable in the admin panel with options to clear logs and auto-refresh every 30 seconds.
Daily bar charts for Blocked IPs, Banned IPs, and High Traffic Bots displayed above the logs in the admin panel for visual statistics.
Automatic log expiration (Blocked IPs, Banned IPs, High Traffic Bots) after a configurable number of days (default: 5 days), with hourly cleanup via WordPress Scheduler.
All error messages and logs prefixed with “Anti Browser DDoS Protection: ” for clarity.
Donate link in the admin panel to support the project.
Automatic cleanup of transients, blocked IPs, banned IPs, high traffic bots, blocked bots, bot IP ranges, and log expiration settings on plugin deactivation to prevent database bloat.
Ideal for WordPress sites seeking enhanced security against automated attacks, with seamless integration for Cloudflare users, advanced bot management, efficient log management, visual charts for statistics, and easy export/import for bot lists.
Plugin Assets img/
Icon Image
Normal: icon-128×128.png
High-DPI (Retina): icon-256×256.png
Bugs
Caching plugins such as WP Super Cache, W3 Total Cache, and others may bypass the DDoS protection provided by Anti Browser DDoS Protection, serving cached pages without triggering the plugin’s checks for blocked bots, rate limiting, or banned IPs.
– Solution: Disable all WordPress caching plugins to ensure full DDoS protection. Instead, enable Browser Caching using a service like Cloudflare to improve performance without compromising security.
Enable standard type Caching and Configure Cloudflare Browser Cache TTL (e.g., 8 days) via Caching > Configuration in the Cloudflare dashboard.- Cloudflare Compatibility: Ensure Cloudflare is configured to pass CF-Connecting-IP headers for accurate IP detection. Check your Cloudflare dashboard if logged IPs are incorrect.
– Bot IP Ranges: Update the Bot IP Ranges field every 6 months (next update: March 2026) using official sources (e.g., Google, Bing, Yandex documentation). Duplicate ranges are automatically removed on save. Export to .txt for backup or import from .txt to append new ranges.
– Blocked Bots: Add malicious bots to the Blocked Bots (User Agents) field (e.g., MJ12bot, SemrushBot, DotBot) to block them immediately. Blocked bots are logged with their IP and User Agent. Export to .txt for backup or import from .txt to append new entries.
– Excluded Bots: Add trusted bots (e.g., Googlebot, Bingbot) to the Excluded Bots field to exempt them from regular rate limiting (if from verified IPs). Export to .txt for backup or import from .txt to append new entries.
– High Traffic Bots: Verified bots exceeding the configured limit (default: 100 requests per minute) are logged for monitoring but not blocked. Check the High Traffic Excluded Bots Log regularly.
– Log Expiration: Set the Log Expires (Days) setting to control how long logs are retained (default: 5 days). Cleanup runs hourly via WordPress Scheduler. Logs older than the specified days are automatically deleted.
– Timezone: Set the WordPress timezone correctly (e.g., Europe/Athens for Greece) in Settings > General > Timezone to ensure accurate timestamp display in logs and charts.
– Performance: For high-traffic sites, clear the Blocked IPs Log, Banned IPs Log, and High Traffic Excluded Bots Log regularly, or set a lower Log Expires (Days) value to prevent database growth.
– Customization: Contact the author for additional features like custom error pages, email notifications for high traffic bots, or advanced logging.
– Support the Project: If you find this plugin useful, consider supporting its development via the donation link in the admin panel or plugin page.
