前言介紹
- 這款 WordPress 外掛「BotBlocker Security – Firewall & Bot Protection」是 2025-11-01 上架。
- 目前有 1000 個安裝啟用數。
- 上一次更新是 2026-02-14,距離現在已有 12 天。
- 外掛最低要求 WordPress 5.0 以上版本才可以安裝。
- 外掛要求網站主機運作至少需要 PHP 版本 7.4 以上。
- 有 4 人給過評分。
- 論壇上目前有 2 個提問,問題解答率 100% ,不低,算是個很有心解決問題的開發者團隊了!
外掛協作開發者
alukashevych | globusstudio | alexandrkinakh |
外掛標籤
captcha | firewall | security | anti-spam | Brute Force |
內容簡介
**總結:**
每天,自動機器人和駭客對網站發動攻擊。大量的機器人網絡、假冒搜索引擎爬蟲、暴力登錄嘗試和垃圾郵件機器人可能會壓倒您的WordPress站點 - 窺探數據、超載您的伺服器並破壞內容。這是對您業務的全天候威脅。您需要一個積極的防禦機制,在這些攻擊還沒有到達您的站點之前就將其擋在外面。
- BotBlocker Security是保護您的站點免受自動化威脅的全能解決方案。這款強大的WordPress安全外掛充當專用的反機器人防火牆,在不減慢您站點速度的情況下阻止惡意流量。
- BotBlocker的設置和入職體驗使任何人都能在不到1分鐘內保護他們的WordPress網站,無論技術水平如何。您可以放心,因為您已經啟用了所有正確的安全設置來保護您的網站。
**問題與答案:**
<ul>
<li><strong>這個外掛的主要功能是什麼?</strong></li>
<ul>
<li>答:這款外掛的主要功能是作為一個專用的反機器人防火牆,阻止惡意流量進入您的WordPress站點。</li>
</ul>
<li><strong>BotBlocker的設置和入職體驗如何?</strong></li>
<ul>
<li>答:這個外掛的設置和入職體驗非常簡單,任何人都可以在不到1分鐘內保護他們的WordPress網站。</li>
</ul>
<li><strong>這個外掛提供了哪些防火牆功能?</strong></li>
<ul>
<li>答:包括實時防火牆規則更新、即時IP封鎖列表、早期初始化保護、基於雲的威脅情報等功能。</li>
</ul>
<li><strong>這個外掛是否合規?</strong></li>
<ul>
<li>答:這個外掛沒有收集個人數據,僅分析技術請求參數,符合100%的GDPR / CCPA合規要求。</li>
</ul>
</ul>
原文外掛簡介
WordPress Security Plugin & Firewall (WAF)
Every day, automated bots and hackers bombard websites with attacks. Mass botnets, fake search engine crawlers, brute-force login attempts, and spam bots can overwhelm your WordPress site – stealing data, overloading your server, and defacing content. It’s a 24/7 threat to your business. If you’re looking for WordPress site protection, you need a proactive defense that stops these attacks before they reach your website.
BotBlocker Security is the all-in-one solution to keep your site safe from automated threats. This powerful WordPress security plugin and Web Application Firewall (WAF) acts as a dedicated anti-bot firewall, blocking malicious traffic at the front gate without slowing down your site.
BotBlocker’s setup and onboarding experience allows anyone to secure their WordPress site in under 1 minute, regardless of technical expertise. You can rest assured knowing you have enabled the right site protection settings to protect your website.
🔥 WordPress Firewall (WAF)
BotBlocker Security includes an endpoint firewall/WAF that identifies and blocks malicious traffic before it reaches WordPress. Built and maintained by a team focused 100% on WordPress security, our Web Application Firewall protects your site while reducing server load.
BotBlocker intercepts bad traffic at the earliest stage – even before WordPress or your theme loads. By running as a must-use plugin (MU-plugin) on early init, it blocks threats before WordPress initializes, drastically reducing server load during attacks.
Key Firewall Features:
Real-time firewall rule updates via the BotBlocker Threat Defense Feed
Real-time IP Blocklist blocks all requests from the most malicious IPs
Early-init protection – blocks threats before WordPress loads
Cloud-based threat intelligence – cross-checks every visitor against global threat databases
No personal data collected – only technical request parameters analyzed (100% GDPR/CCPA-compliant)
Brute force protection with login attempt limits and multi-layer verification
📡 WordPress Security Scanner & Site Protection
Every attempt to access your site is thoroughly analyzed and filtered. BotBlocker provides comprehensive site protection across all entry points:
XML-RPC and API Protection – all endpoints blocked by default. Create access rules for trusted services and add allowed URLs for payment plugins
Spam Prevention – spammers cannot connect to your site. Automatically block IP addresses that exceed spam comment thresholds
File Access Protection – theme and plugin files securely protected from unauthorized access
Deep Analysis – User-Agent, Accept-Language, GeoIP, PTR, DNSBL, cookies, browser fingerprint, AdBlock, Incognito detection
Network & Protocol Control – block obsolete HTTP/1.0 clients and disable IPv6 if not used. Cloudflare-aware protection blocks origin bypass attempts
🔒 Login Security & Bot Protection
All login attempts pass through multi-layer filtering and CAPTCHA verification:
Multi-layer CAPTCHA Protection – color buttons, animal images, floating shapes, floating math, Google reCAPTCHA v2/v3
Advanced Anti-bot Challenges – proprietary CAPTCHA designed to be nearly impossible to bypass, even by AI-based anti-CAPTCHA services
Intelligent Ban System – failed CAPTCHA results in configurable ban periods. Repeated failures trigger 24-hour bans
Admin Access Simplification – special mechanism to ease site administrator login while maintaining security
XML-RPC Control – options including complete disabling
Two-Factor Authentication Support – 2FA enhanced login security for admin area. Backup codes for recovery access. Universal 2FA app support – works with Google Authenticator, Authy, etc.
🛠️ Security Tools
Comprehensive tools to block attackers and monitor your site in real-time:
Advanced Blocking Rules – block by IP or build rules based on IP Range, Hostname, User Agent, Referrer, PTR record, ASN, country, city, and more
IP-PTR-Host Mismatch Detection – automatically detect and block fake crawlers (e.g., fake Googlebots)
Blacklist & Whitelist Management – instantly allow or block any IP, ASN, range, or User-Agent
Live Traffic Monitoring – see all traffic in real-time: robots, humans, 404 errors, logins/logouts, file requests, and content consumption
Server IP Identification – prevent lockouts by automatically identifying and protecting server IPs
Visual Dashboard – intuitive charts and stats showing blocked attacks, world map of threat origins, top offending IPs/countries
Detailed Security Log – every event logged with IP address, user agent, country, and blocking reason
Hide Login URL (Premium Addon)
⚡ Performance & Integration
BotBlocker’s robust defense won’t slow your site down – in fact, it often improves performance under attack:
Lightweight & Fast – negligible overhead in normal conditions. Reduces database and server load during attacks
Built-in Caching – Redis and Memcached support for high-traffic environments
Seamless Compatibility – works with Cloudflare, CDN services, caching plugins, and optimizers
Full IPv6 Support – all security functions work with both IPv4 and IPv6
Server Optimization (Premium Addon) – additional performance enhancements for high-traffic sites
👤 Easy Setup & User-Friendly Interface
You don’t have to be a security expert to use BotBlocker:
Quick Installation Wizard – step-by-step setup guide for configuration in under 1 minute
Intuitive Admin Panel – organized settings with clear descriptions and tooltips
Multilingual – translated into English, Spanish, German, French, Polish, Russian, Ukrainian, and more
No Conflicts – built following WordPress best practices, tested with recent WP versions
Adjustable Logging – configurable retention periods with time zone awareness and daylight saving support
Security first – BotBlocker’s on guard!
Features
Detection & Analysis
BotBlocker employs advanced multi-layer detection to identify and block threats:
Detection Mechanisms:
Local and cloud signature databases with real-time updates
IP reputation and blacklist checks with global threat intelligence
DNS-based and PTR lookups to detect fake crawlers
Heuristic and behavioral analysis for suspicious patterns
Browser fingerprint and feature mismatch detection
Header and protocol validation
JavaScript challenge and capability verification
Multi-layered CAPTCHA verification
Comprehensive Request Analysis:
Network & IP: Full IPv4/IPv6 support, blacklist/whitelist, country/GeoIP, ASN, hosting/VPN detection, TOR detection, PTR/DNSBL checks
Browser & Client: User-Agent validation, browser/OS/device detection, fingerprint analysis, headless browser detection, JavaScript/cookie support
Headers & Protocol: Accept-Language, Referer validation, HTTP version control, Cloudflare/proxy detection
Advanced Fingerprinting: Font rendering, WebGL, media devices, touch events, battery API, permissions, timing analysis, plugin verification
CAPTCHA Modes
Choose from various CAPTCHA types to protect your site:
Single Button – one-click verification for quick validation
Google reCAPTCHA v2 – standard image/checkbox challenge
Google reCAPTCHA v3 – invisible background scoring
BotBlocker Color CAPTCHA – select colored buttons challenge
BotBlocker Digits CAPTCHA – floating math challenge
BotBlocker Images CAPTCHA – animal image selection
BotBlocker Shapes CAPTCHA – floating shapes challenge
Hybrid Mode – combine any CAPTCHA with reCAPTCHA v3 for dual-layer protection
Additional Capabilities
Early-init & MU plugin support
Real-time cloud threat checks
Dynamic and graphical anti-bot challenges
Automatic logging with adjustable retention
Session tracking and verification
No personal data collected (100% GDPR/CCPA-compliant)
Privacy
BotBlocker Security does not collect or process personal data of your visitors. All cloud analysis is performed on technical parameters only (IP, headers, User-Agent). No personally identifiable information is collected, stored, or transmitted to any external service.
Support and Documentation
Product site: https://botblocker.top/products/
Documentation: https://botblocker.top/docs/
Contact/support: https://botblocker.top/contacts/
Community: https://botblocker.top/community/
License
This plugin is licensed under the GPLv2 or later. See LICENSE.txt for details.
Credits & Authors
BotBlocker Security is developed and maintained by GLOBUS.studio.
Concept, architecture & code – Yevhen Leonidov: https://leonidov.dev/
Code, code review – Andrii Lukashevych
Code, translations – Aleksandr Kinakh
BotBlocker Security – The first line of defense for your WordPress site.
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「BotBlocker Security – Firewall & Bot Protection」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
1.6.3 | 1.6.4 | 1.6.5 | 1.6.6 | 1.6.7 | 1.6.8 | 1.6.9 | trunk | 1.6.10 |
延伸相關外掛(你可能也想知道)
Wordfence Security – Firewall, Malware Scan, and Login Security 》fective way to manage multiple WordPress sites with Wordfence installed from a single location., Monitor security status across all your sites from...。
Hostinger Tools 》- Hostinger Onboarding WordPress Plugin 简化和加快了WordPress网站的设置过程。, - 提供了简便和快速的方式来建立WordPress网站。。
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) 》le Plugins include Complianz GDPR, Disable Updates Manager, and Really Simple CAPTCHA., , Really Simple SSL是一個外掛,自動配置你的網站最大程度上使...。
Jetpack – WP Security, Backup, Speed, & Growth 》search engines, and grow your traffic with Jetpack. It’s the ultimate toolkit for WordPress professionals and beginners alike., , Customize and des...。
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall 》Limit Login Attempts Reloaded 是一款WordPress外掛,可阻止暴力破解攻擊並透過限制常規登錄、XMLRPC、Woocommerce和自訂登錄頁面的登錄嘗試次數來優化您的...。
ManageWP Worker 》, Want to clone or migrate your WordPress website to a new host or domain? No problem! With ManageWP, you can easily clone or migrate your website ...。
Security Optimizer – The All-In-One Protection Plugin 》透過精心挑選且易於配置的功能,SiteGround Security 外掛提供了您所需的一切來保護您的網站並預防多種威脅,例如暴力破解攻擊、登錄錯誤、資料外洩等等。, ...。
Safe SVG 》Safe SVG 可以讓你安心地在 WordPress 中上傳 SVG 檔案!, 它能夠讓你允許上傳 SVG 檔案的同時,確保它們已經經過消毒以防止 SVG/XML 弱點影響你的網站。此外...。
Loginizer 》Loginizer 是一個 WordPress 外掛,可幫助您對抗暴力攻擊,當 IP 地址達到最大重試次數時,該外掛會阻止其登錄。您可以使用 Loginizer 將 IP 地址列入黑名單...。
All-In-One Security (AIOS) – Security and Firewall 》vated to your website, All-in-One Security's WAF will detect and block hacking attempts, adding an extra layer of security to your WordPress site. ...。
User Role Editor 》「User Role Editor」WordPress 外掛讓您輕鬆更改使用者角色和權限。, 只需打開您希望新增到所選角色的能力核取方塊,然後按「更新」按鈕以保存您的更改。完...。
MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites 》這是一個針對「MainWP Dashboard」的子外掛程式,可將您的 WordPress 網站連接至 MainWP Dashboard。, MainWP是一個完整的 WordPress 管理解決方案,是自助...。
Solid Security – Password, Two Factor Authentication, and Brute Force Protection 》ing iThemes Security Plugin can benefit you:, 保護您的 WordPress 網站的最佳外掛程式, 平均每天有 30,000 個網站遭受駭客攻擊,在網路上每 39 秒就會有一...。
Sucuri Security – Auditing, Malware Scanner and Security Hardening 》Sucuri Inc. 是全球公認的網站安全權威,專門為 WordPress 安全提供專業知識。, Sucuri Security WordPress 擴充套件對所有 WordPress 使用者免費提供。它是...。
SiteGuard WP Plugin 》版本: 1.6.7, , 您可以在日文網頁和英文網頁上找到文件、常見問題和更詳細的資訊。 , 安裝SiteGuard WP Plugin後,WordPress安全性會得到提高。, 本外掛是一...。