[WordPress] Plugin share: Bot Lockout

Cover image for the WordPress plugin Bot Lockout.

Introduction

  • The WordPress plugin "Bot Lockout" was published on 2025-07-28.
  • It has no active installs yet, so it is a very new plugin. If you intend to install it, test it thoroughly first to make sure it works!
  • It was last updated on 2025-07-29, which is 211 days ago.
  • Nobody has rated this plugin yet.
  • Nobody has asked a question in the forums yet; there are probably few users so far, and no major problems have surfaced.

Plugin contributors

kognetiks |

Plugin tags

captcha | security | anti-scraping | bot protection | javascript challenge |

Description

**Summary:**
Bot Lockout is a security plugin that implements a lightweight cryptographic challenge system to distinguish real browsers from automated bots. Unlike traditional CAPTCHA systems, it uses JavaScript-based cryptographic operations that are easy for humans but hard for most bots to solve.

**Questions and answers:**
1. What are the main features of Bot Lockout?
- Lightweight protection: uses minimal resources and does not affect site performance
- Cryptographic challenge: a SHA-256 hash bound to the date and the user agent
- Smart whitelisting: allows trusted bots (Google, Bing, etc.) and IP addresses
- Flexible configuration: exclude specific pages and customize the block message
- Comprehensive logging: tracks blocked attempts for analysis
- Custom styling: add custom CSS to match your site's design
- Daily token expiry: prevents long-term bypass attempts

2. How does Bot Lockout work?
- Initial request: when a visitor accesses your site, the plugin checks for a valid challenge token
- JavaScript challenge: if no token exists, a cryptographic challenge is presented
- Token generation: the challenge combines the current date with the user agent string and creates a SHA-256 hash
- Secure storage: the hash is base64 encoded, truncated, and stored as a secure cookie
- Validation: subsequent requests are validated against the stored token

3. What security features does Bot Lockout have?
- Cryptographically secure: uses the SHA-256 hash algorithm
- Time-bound: tokens expire daily, preventing long-term bypass
- Browser-specific: user agent binding prevents token sharing
- Secure cookies: applies proper cookie security settings
- Whitelist support: allows trusted services and IP addresses

4. How does Bot Lockout support multisite?
- Bot Lockout supports WordPress Multisite installations with both network-wide and site-specific settings:
- Network activation: applies the settings to all sites in the network
- Site-specific activation: independent settings for each site
- Mixed configuration: network-wide defaults with site-specific overrides

5. What is Bot Lockout's security advisory?
- Bot Lockout is one layer of an overall security strategy, not a silver bullet that solves every problem.
- It is recommended to combine Bot Lockout with other tools, such as server-level firewalls, rate limiting, CAPTCHA systems, behavior-based threat detection, and CDN-level bot mitigation.
- Users are advised to evaluate their own threat model and deploy appropriate complementary protections.

Original plugin description

Bot Lockout is a security plugin that implements a lightweight cryptographic challenge system to distinguish between real browsers and automated bots. Unlike traditional CAPTCHA systems, it uses JavaScript-based cryptographic operations that are easy for humans but difficult for most bots to solve.

Key Features

Lightweight Protection: Uses minimal resources and doesn’t impact site performance
Cryptographic Challenges: SHA-256 hashing with date and user agent binding
Smart Whitelisting: Allow trusted bots (Google, Bing, etc.) and IP addresses
Flexible Configuration: Exclude specific pages and customize block messages
Comprehensive Logging: Track blocked attempts for analysis
Custom Styling: Add custom CSS to match your site’s design
Daily Token Expiration: Prevents long-term bypass attempts

How It Works

Initial Request: When a visitor accesses your site, the plugin checks for a valid challenge token
JavaScript Challenge: If no token exists, a cryptographic challenge is presented
Token Generation: The challenge combines the current date with the user agent string and creates a SHA-256 hash
Secure Storage: The hash is base64 encoded, truncated, and stored as a secure cookie
Validation: Subsequent requests are validated against the stored token

Security Features

Cryptographically Secure: Uses SHA-256 hashing algorithm
Time-Bound: Tokens expire daily to prevent long-term bypass
Browser-Specific: User agent binding prevents token sharing
Secure Cookies: Implements proper cookie security settings
Whitelist Support: Allow trusted services and IP addresses

Multi-Site Support

Bot Lockout supports WordPress Multi-Site installations with both network-wide and site-specific configurations:

Network Activation: Apply settings to all sites in the network
Site-Specific Activation: Independent settings for each site
Mixed Configuration: Network-wide defaults with site-specific overrides

Security Advisory

Bot Lockout is one layer in a broader security strategy, not a silver bullet.
While Bot Lockout is designed to deter automated bots and AI scrapers through cryptographic JavaScript challenges, no single solution can offer complete protection. Web scraping technologies continue to evolve, and determined actors may find ways to bypass front-end defenses.
This plugin should be used as part of a multi-layered approach to website security. For best results, we recommend combining Bot Lockout with additional tools such as server-level firewalls, rate limiting, CAPTCHA systems, behavior-based threat detection, and CDN-level bot mitigation.
Kognetiks makes no guarantee that this plugin will block all unwanted bot traffic. It is intended as a proactive, lightweight defense mechanism—not a comprehensive security system. Users are responsible for evaluating their own threat model and deploying appropriate complementary protections.

Support

For support, please visit the WordPress.org support forums or check the plugin documentation.

Credits

Developer: Kognetiks
This plugin is licensed under the GPL v3 or later.

Downloads by version

  • Method one: click the version-number link below to download the ZIP file, then log in to your site's admin area, open "Plugins" > "Add New" in the left menu, choose "Upload Plugin" at the top, and upload the downloaded ZIP package to install and activate it.
  • Method two: use the search box on the right of the "Add New" plugins screen, search for the plugin name "Bot Lockout", and install it from there.

(Method two is recommended, as it ensures the installed version matches the WordPress environment you are running.)


1.0.0 | trunk |

Related plugins (you may also want to know)

No related plugin recommendations yet.
