內容簡介
Baskerville AI Security 是一款全面的 WordPress 安全外掛,透過多種偵測方法保護您的網站免受惡意機器人、AI 爬蟲及不必要流量的侵擾。
【主要功能】
• AI 機器人偵測 - 智能分類機器人與人類
• GeoIP 存取控制 - 按國家封鎖或允許流量
• Cloudflare Turnstile - 精準的 CAPTCHA 挑戰
• 瀏覽器指紋識別 - 進階的客戶端指紋技術
• 蜜罐偵測 - 隱藏連結捕捉 AI 爬蟲
• 實時分析 - 直播數據及流量統計
外掛標籤
開發者團隊
原文外掛簡介
Baskerville is a comprehensive WordPress security plugin that protects your site from malicious bots, AI crawlers, and unwanted traffic using multiple detection methods.
Key Features:
AI Bot Detection – Intelligent classification of bots vs. humans with configurable score thresholds
GeoIP Access Control – Block or allow traffic by country (whitelist/blacklist modes)
Cloudflare Turnstile – CAPTCHA challenge for borderline bot scores with precision analytics
Browser Fingerprinting – Advanced client-side fingerprinting (Canvas, WebGL, Audio)
Honeypot Detection – Hidden links to catch AI crawlers
Real-Time Analytics – Live feed, traffic statistics, and Turnstile precision metrics
Under Attack Mode – Emergency mode to challenge all visitors during attacks
IP Whitelist – Bypass firewall for trusted IPs
Form Protection – Protect login, registration, and comment forms with Turnstile
Bot Score System:
0-39: Likely human (allowed)
40-70: Borderline (optional Turnstile challenge)
71-100: Likely bot (blocked)
Performance:
Minimal overhead (~1ms with page cache, ~30-50ms without)
APCu + file-based caching for GeoIP lookups
Compatible with all major caching plugins
External Services
This plugin connects to the following third-party services:
Cloudflare Turnstile
When Turnstile is enabled, the plugin loads JavaScript from Cloudflare’s servers to display CAPTCHA challenges:
Service URL: https://challenges.cloudflare.com/turnstile/v0/api.js
Verification API: https://challenges.cloudflare.com/turnstile/v0/siteverify
Data sent: Turnstile token, visitor IP address
Purpose: Human verification to prevent bot access
Privacy Policy: https://www.cloudflare.com/privacypolicy/
Terms of Service: https://www.cloudflare.com/website-terms/
Turnstile is only loaded when you enable it in plugin settings and provide your Cloudflare API keys.
MaxMind GeoIP Database
When you use the one-click GeoIP database installer, the plugin downloads the GeoLite2-Country database from MaxMind:
Database download URL: https://download.maxmind.com/
Data sent: Your MaxMind license key (required for database download)
Purpose: Determine visitor country for geo-blocking features
Privacy Policy: https://www.maxmind.com/en/privacy-policy
Terms of Service: https://www.maxmind.com/en/geolite2/eula
The installer also downloads the MaxMind PHP libraries from GitHub:
GeoIP2 PHP API: https://github.com/maxmind/GeoIP2-php/archive/refs/tags/v2.13.0.zip
MaxMind DB Reader: https://github.com/maxmind/MaxMind-DB-Reader-php/archive/refs/tags/v1.11.1.zip
These are open-source libraries used to read the local GeoIP database. No visitor data is sent to GitHub.
GitHub Terms of Service: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service
GitHub Privacy Statement: https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement
The database is stored locally on your server. No visitor data is sent to MaxMind during lookups.
Privacy
Data Collected
This plugin collects and stores the following visitor data locally in your WordPress database:
IP addresses
Browser fingerprints (Canvas, WebGL, Audio hashes)
User agent strings
Country codes (derived from IP)
Bot scores and classifications
Timestamps of visits
Data Retention
Statistics are automatically deleted after the retention period you configure (default: 14 days). You can adjust this in Settings > Baskerville > Settings.
GDPR Compliance
All data is stored locally on your server
No visitor data is shared with third parties (except Cloudflare when Turnstile verification occurs)
Data retention is configurable
Consider adding disclosure to your site’s privacy policy
