
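Overview
BotBlocker Security is a security plugin designed for WordPress. It provides a powerful firewall and automated threat protection that effectively blocks malicious traffic, keeps the site secure, and reduces server load.
[Main features]
• Real-time firewall rule updates
• Real-time IP blocklist
• Early-init protection
• Cloud threat intelligence checks
• No visitor data collected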
② Search for "BotBlocker Security – Firewall & Bot Protection" in the admin dashboard → install directly (recommended)
Original plugin description
WordPress Security Plugin & Firewall (WAF)
Every day, automated bots and hackers bombard websites with attacks. Mass botnets, fake search engine crawlers, brute-force login attempts, and spam bots can overwhelm your WordPress site – stealing data, overloading your server, and defacing content. It’s a 24/7 threat to your business. If you’re looking for WordPress site protection, you need a proactive defense that stops these attacks before they reach your website.
BotBlocker Security is the all-in-one solution to keep your site safe from automated threats. This powerful WordPress security plugin and Web Application Firewall (WAF) acts as a dedicated anti-bot firewall, blocking malicious traffic at the front gate without slowing down your site.
BotBlocker’s setup and onboarding experience allows anyone to secure their WordPress site in under 1 minute, regardless of technical expertise. You can rest assured knowing you have enabled the right site protection settings to protect your website.
BotBlocker also supports WordPress Multisite, making it suitable for agencies, developers, and administrators who manage networks of client sites from a single WordPress installation.
🔥 WordPress Firewall (WAF)
BotBlocker Security includes an endpoint firewall/WAF that identifies and blocks malicious traffic before it reaches WordPress. Built and maintained by a team focused 100% on WordPress security, our Web Application Firewall protects your site while reducing server load.
BotBlocker intercepts bad traffic at the earliest stage – even before WordPress or your theme loads. By running as a must-use plugin (MU-plugin) on early init, it blocks threats before WordPress initializes, drastically reducing server load during attacks.
Key Firewall Features:
• Real-time firewall rule updates via the BotBlocker Threat Defense Feed
• Real-time IP Blocklist blocks all requests from the most malicious IPs
• Early-init protection – blocks threats before WordPress loads
• Cloud-based threat intelligence – cross-checks every visitor against global threat databases
• Extended Secure Mode – stricter challenge, session, and token validation for high-risk traffic
• No visitor data collected – only technical request parameters analyzed (GDPR/CCPA-compliant)
• Brute force protection with login attempt limits and multi-layer verification
📡 WordPress Security Scanner & Site Protection
Every attempt to access your site is thoroughly analyzed and filtered. BotBlocker provides comprehensive site protection across all entry points:
• XML-RPC and API Protection – all endpoints blocked by default. Create access rules for trusted services and add allowed URLs for payment plugins
• Spam Prevention – spammers cannot connect to your site. Automatically block IP addresses that exceed spam comment thresholds
• File Access Protection – theme and plugin files securely protected from unauthorized access
• Deep Analysis – User-Agent, Accept-Language, GeoIP, PTR, DNSBL, cookies, browser fingerprint, AdBlock, Incognito detection
• Network & Protocol Control – block obsolete HTTP/1.0 clients and disable IPv6 if not used. Cloudflare-aware protection blocks origin bypass attempts
🔒 Login Security & 2FA
All login attempts pass through multi-layer filtering and CAPTCHA verification:
• Two-Factor Authentication Support – 2FA enhanced login security for admin area. Backup codes for recovery access. Universal 2FA app support – works with Google Authenticator, Authy, etc.
• Multi-layer CAPTCHA Protection – color buttons, animal images, floating shapes, floating math, Google reCAPTCHA v2/v3, and more. Any internal CAPTCHA can be combined with reCAPTCHA v3 for dual-layer protection
• Brute Force Protection – configurable login attempt limits. Failed attempts trigger temporary bans, with escalating penalties for repeated failures
• Advanced Anti-bot Challenges – proprietary CAPTCHA designed to be nearly impossible to bypass, even by AI-based anti-CAPTCHA services
• Intelligent Ban System – failed CAPTCHA results in configurable ban periods. Repeated failures trigger 24-hour bans
• Admin Access Simplification – special mechanism to ease site administrator login while maintaining security
• XML-RPC Control – options including complete disabling
🛠️ Security Tools
Comprehensive tools to block attackers and monitor your site in real-time:
• Advanced Blocking Rules – block by IP or build rules based on IP Range, Hostname, User Agent, Referrer, PTR record, ASN, country, city, and more
• IP-PTR-Host Mismatch Detection – automatically detect and block fake crawlers (e.g., fake Googlebots)
• Crawler & AI Allowlist Management – manage trusted SEO bots and LLM/AI crawlers such as OpenAI, Claude, and Gemini while still detecting impersonators
• Blacklist & Whitelist Management – instantly allow or block any IP, ASN, range, or User-Agent
• Live Traffic Monitoring – see all traffic in real-time: robots, humans, 404 errors, logins/logouts, file requests, and content consumption
• Server IP Identification – prevent lockouts by automatically identifying and protecting server IPs
• Visual Dashboard – intuitive charts and stats showing blocked attacks, world map of threat origins, top offending IPs/countries
• Detailed Security Log – every event logged with IP address, user agent, country, and blocking reason
• Hide Login URL (Premium Addon)
⚡ Performance & Integration
BotBlocker’s robust defense won’t slow your site down – in fact, it often improves performance under attack:
• Lightweight & Fast – negligible overhead in normal conditions. Reduces database and server load during attacks
• Built-in Caching – Redis and Memcached support for high-traffic environments
• Cache Plugin Compatibility – automatic DONOTCACHEPAGE + Cache-Control: no-store on verification pages. Works with WP Super Cache (PHP mode), W3 Total Cache, WP Rocket, LiteSpeed Cache, Hummingbird, and more. Server-level caches (Nginx FastCGI, Varnish, Cloudflare) may need a cookie-based bypass rule – see docs/CACHE-COMPATIBILITY.md
• Cache-Optimized CAPTCHA Delivery – Image Delivery Mode serves image CAPTCHA assets in a cache-friendly way for high-traffic sites
• DDoS Protection Compatibility – automatic detection of JS-challenges from DDoS-Guard, Stormwall, and similar services. See docs/DDOS-COMPATIBILITY.md for advanced configuration
• Seamless Compatibility – works with Cloudflare, CDN services, caching plugins, and optimizers
• WordPress Multisite Support – protect multisite networks and agency-managed site fleets
• Full IPv6 Support – all security functions work with both IPv4 and IPv6
• Server Optimization (Premium Addon) – additional performance enhancements for high-traffic sites
👤 Easy Setup & User-Friendly Interface
You don’t have to be a security expert to use BotBlocker:
• Quick Installation Wizard – step-by-step setup guide for configuration in under 1 minute
• Intuitive Admin Panel – organized settings with clear descriptions and tooltips
• Multilingual – translated into English, Spanish, German, French, Polish, Russian, Ukrainian, and more
• No Conflicts & Modern PHP Compatibility – built following WordPress best practices, tested with recent WP versions and current PHP releases including PHP 8.5
• Adjustable Logging – configurable retention periods with time zone awareness and daylight saving support
Security first – BotBlocker’s on guard!
🔥 PRO Version
Upgrade to PRO for production sites, WooCommerce stores, agencies, and high-traffic WordPress projects that need cloud intelligence, premium add-ons, and faster support. Current PRO subscriptions start at $12/month; compare plan limits and current offers on the pricing page. Annual billing includes 1 month free, and most purchases are covered by a 30-day refund policy according to the Terms of Service.
PRO includes:
• Real-time cloud threat intelligence checks against global databases
• Zero-day threat detection – behavioral analysis and heuristic rules catch unknown attack patterns before signatures are available
• VPN, Tor, proxy, ASN, and hosting reputation checks for stricter traffic filtering
• Hide Admin URL add-on – custom login URL and protection for default wp-login.php and registration endpoints
• Security Headers add-on – HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, and Content-Security-Policy (CSP) configuration
• Early Init add-on – filtering before WordPress Core loads for better performance during attacks
• Speed Up WordPress add-on – frontend cleanup and optimization for faster page delivery
• Advanced reporting, analytics, and forensic traffic context
• Daily signature, PTR, User-Agent, and AI model updates
• Priority support with 24-hour response and emergency help for critical issues
Features
Detection & Analysis
BotBlocker employs advanced multi-layer detection to identify and block threats:
Detection Mechanisms:
• Local and cloud signature databases with real-time updates
• IP reputation and blacklist checks with global threat intelligence
• DNS-based and PTR lookups to detect fake crawlers
• Heuristic and behavioral analysis for suspicious patterns
• Trusted SEO and LLM/AI crawler allowlists for known services such as OpenAI, Claude, and Gemini
• Browser fingerprint and feature mismatch detection
• Header and protocol validation
• JavaScript challenge and capability verification
• Multi-layered CAPTCHA verification
Comprehensive Request Analysis:
• Network & IP: Full IPv4/IPv6 support, blacklist/whitelist, country/GeoIP, ASN, hosting/VPN detection, TOR detection, PTR/DNSBL checks
• Browser & Client: User-Agent validation, browser/OS/device detection, fingerprint analysis, headless browser detection, JavaScript/cookie support
• Headers & Protocol: Accept-Language, Referer validation, HTTP version control, Cloudflare/proxy detection
• Advanced Fingerprinting: Font rendering, WebGL, media devices, touch events, battery API, permissions, timing analysis, plugin verification
CAPTCHA Modes
Choose from various CAPTCHA types to protect your site:
• Single Button – one-click verification for quick validation
• Google reCAPTCHA v2 – standard image/checkbox challenge
• Google reCAPTCHA v3 – invisible background scoring
• BotBlocker Color CAPTCHA – select colored buttons challenge
• BotBlocker Digits CAPTCHA – floating math challenge
• BotBlocker Images CAPTCHA – animal image selection
• BotBlocker Image Delivery Mode – cache-friendly image CAPTCHA delivery for high-traffic sites and aggressive caching setups
• BotBlocker Shapes CAPTCHA – floating shapes challenge
• BotBlocker Hold Button CAPTCHA – press and hold to verify, distinct from one-click Single Button mode, with no images or math required
• Silent Auto-Verify – no CAPTCHA shown. Real users pass automatically via JS fingerprint checks; bots see “Access denied”
• Hybrid Mode – combine any CAPTCHA with reCAPTCHA v3 for dual-layer protection
Additional Capabilities
• Early-init & MU plugin support
• WordPress Multisite support
• Extended Secure Mode for stricter verification on sensitive routes and high-risk traffic
• Trusted LLM/AI crawler allowlist management
• Real-time cloud threat checks
• Dynamic and graphical anti-bot challenges
• Automatic logging with adjustable retention
• Session tracking and verification
• No visitor data collected – GDPR/CCPA-compliant (see FAQ for admin notification details)
Privacy
BotBlocker Security does not collect or process personal data of your visitors. All cloud analysis is performed on technical parameters only (IP, headers, User-Agent). No personally identifiable information is collected, stored, or transmitted to any external service.
Support and Documentation
Product site: https://botblocker.top/products/
Pricing and PRO plans: https://botblocker.top/pricing/
Documentation: https://botblocker.top/docs/
Contact/support: https://botblocker.top/contacts/
Community: https://botblocker.top/community/
License
This plugin is licensed under the GPLv2 or later. See LICENSE.txt for details.
Credits & Authors
BotBlocker Security is developed and maintained by GLOBUS.studio.
Concept, architecture & code – Yevhen Leonidov: https://leonidov.dev/
Code, code review – Andrii Lukashevych
Code, translations – Aleksandr Kinakh
BotBlocker Security – The first line of defense for your WordPress site.
