Description
Crawlantix AI Bot Tracker monitors visits from 30+ AI crawlers and gives you visibility into how bots interact with your site. See which bots visit, what pages they crawl, and catch misbehaving bots with a built-in logging-only honeypot. Lightweight, privacy-first, and fully functional out of the box.
Free forever — no artificial limits on bot detection.
Tracked Bots (30+):
GPTBot / ChatGPT-User / OAI-SearchBot (OpenAI)
ClaudeBot / Claude-Web / anthropic-ai (Anthropic)
Googlebot / Google-Extended (Google / Gemini)
bingbot (Microsoft / Copilot)
PerplexityBot (Perplexity)
DeepSeek, Qwen (Alibaba), Mistral AI
Applebot-Extended (Apple Intelligence)
Meta-ExternalAgent (Meta AI)
Bytespider (ByteDance)
CCBot (Common Crawl), Amazonbot, YouBot, DuckDuckBot
AI2Bot, Diffbot, Timpibot, PetalBot
SemrushBot, AhrefsBot, DataForSeoBot, MJ12bot, DotBot
Features:
Lightweight Bot Detection (30+ Bots)
Hooks into the WordPress init action at priority 1 and bails immediately on non-AI User-Agents, so human visitors incur negligible overhead. All 30+ bots are tracked.
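The early-exit idea can be illustrated with a minimal sketch. It is written in Python for brevity rather than the plugin's own PHP, and the token table, the `detect_ai_bot` name, and the substring-matching rule are assumptions made for illustration, not the plugin's actual implementation.

```python
from typing import Optional

# Hypothetical subset of User-Agent tokens mapped to providers, taken from the
# tracked-bot list above. The plugin's real matching rules are not shown here.
AI_BOT_TOKENS = {
    "gptbot": "OpenAI",
    "chatgpt-user": "OpenAI",
    "claudebot": "Anthropic",
    "perplexitybot": "Perplexity",
    "bytespider": "ByteDance",
    "ccbot": "Common Crawl",
}


def detect_ai_bot(user_agent: Optional[str]) -> Optional[str]:
    """Return the provider for a known AI bot, or None for everything else."""
    if not user_agent:
        return None  # missing header: nothing to match, bail out early
    ua = user_agent.lower()  # case-insensitive substring match (assumption)
    for token, provider in AI_BOT_TOKENS.items():
        if token in ua:
            return provider
    return None  # human browser or unknown bot: do no further work
```

A caller would log the visit only when the function returns a provider and otherwise return immediately, which is what keeps the cost low for ordinary visitors.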
Dashboard with Charts
Clean dashboard with trend chart and provider breakdown pie chart (Chart.js, bundled locally). Summary cards show total visits, unique bots, pages crawled, and daily averages. No external dependencies.
Bot Activity Table
Dedicated tab showing all detected bots with visits, bytes transferred, 24h sparklines, verification status, and honeypot hit counts.
Crawled Pages
See which pages bots visit most, which bots crawl them, and when they were last seen.
Honeypot Endpoint (Logging Only)
A CSS-hidden, aria-hidden, rel=nofollow link is injected in the footer. Only raw link-extracting bots will follow it. Visits are logged for transparency. Active defense (blocking, tarpit, rate-limit, decoy, shadowban) is reserved for the paid build.
Bot Verification
Forward-confirmed reverse DNS (FCrDNS) verification for major bots confirms that Googlebot, GPTBot, ClaudeBot, etc. are actually who they claim to be.
Privacy First
IP addresses are SHA-256 hashed with a per-install salt before storage. Raw IPs are never saved. Includes WordPress Privacy API exporter and eraser hooks so data-subject access and erasure requests can flow through the standard WordPress Tools → Personal Data workflow.
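As a rough illustration of salted hashing, the sketch below (Python, not the plugin's PHP) derives a SHA-256 digest from a salt and an IP address. The helper names and the choice to prepend the salt to the IP are assumptions; the plugin may combine the two differently.

```python
import hashlib
import secrets


def new_install_salt() -> str:
    """Generate a random salt once per install (hypothetical helper)."""
    return secrets.token_hex(32)


def hash_ip(ip: str, salt: str) -> str:
    """Return the hex SHA-256 digest of salt + IP; the raw IP is not kept."""
    # Assumption: simple concatenation with the salt first.
    return hashlib.sha256((salt + ip).encode("utf-8")).hexdigest()
```

The same IP always produces the same digest within one install, so repeat visits can still be grouped, while a different salt on another install produces an unrelated digest.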
AI Discovery Layer
Serves three files at the site root: ai-plugin.json, a discovery manifest that tells visiting AI agents the site is monitored, and llms.txt and llms-full.txt, whose text content the admin authors as WordPress pages with the slugs llms-txt and llms-full-txt.
Data Retention
Bot visit data is retained for 30 days. Older records are automatically pruned via WP-Cron.
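The retention rule amounts to dropping every record older than a cutoff. The sketch below shows that logic in Python over an in-memory list; the `timestamp` field name and the `prune` function are hypothetical, and the plugin itself performs this against its database tables on a WP-Cron schedule.

```python
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 30  # retention window stated above


def prune(records, now=None):
    """Keep only records whose 'timestamp' falls within the retention window."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=RETENTION_DAYS)
    # Records exactly at the cutoff are kept (an assumption of this sketch).
    return [r for r in records if r["timestamp"] >= cutoff]
```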
External Services
This plugin connects to the following external services:
Reverse DNS Lookups
The bot verification feature performs forward-confirmed reverse DNS (FCrDNS) lookups using PHP’s gethostbyaddr() and gethostbyname() functions to verify that bots are who they claim to be (e.g., confirming that a request claiming to be Googlebot actually originates from Google’s network). These lookups send the bot’s IP address to your server’s configured DNS resolver and the authoritative DNS servers for the IP address’s reverse DNS zone. Under some privacy regimes, IP addresses may be considered personal data. This feature runs automatically when a known AI bot visits your site. It cannot currently be disabled via the admin UI, although a filter hook, crawlantix_enable_verification, is available for developers.
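The FCrDNS check described above can be sketched as two lookups: resolve the IP to a hostname, check that the hostname belongs to the expected domain, then resolve the hostname forward and confirm it maps back to the same IP. The version below uses Python's socket.gethostbyaddr() and socket.gethostbyname(), the counterparts of the PHP functions named above. The `verify_fcrdns` name, the injectable resolver parameters, and the example domain suffixes are assumptions for illustration, not the plugin's code.

```python
import socket
from typing import Callable, Sequence


def verify_fcrdns(
    ip: str,
    allowed_suffixes: Sequence[str],
    reverse: Callable[[str], str] = lambda addr: socket.gethostbyaddr(addr)[0],
    forward: Callable[[str], str] = socket.gethostbyname,
) -> bool:
    """Return True only if the reverse and forward lookups agree for this IP."""
    try:
        # Step 1: reverse lookup (IP -> hostname).
        host = reverse(ip).rstrip(".").lower()
        # Step 2: the hostname must end with a domain the bot operator uses.
        if not any(host.endswith(suffix) for suffix in allowed_suffixes):
            return False
        # Step 3: forward lookup (hostname -> IP) must return the original IP.
        # gethostbyname() returns a single IPv4 address, so this sketch
        # does not cover IPv6 or hosts with several A records.
        return forward(host) == ip
    except OSError:
        # socket.herror and socket.gaierror are OSError subclasses;
        # a failed lookup is treated as unverified.
        return False
```

For a request claiming to be Googlebot, a caller might pass suffixes such as (".googlebot.com", ".google.com"). The resolver parameters exist only so the logic can be exercised without live DNS.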
No other external services, third-party APIs, or remote requests are used by this plugin. All analytics data is stored locally in your WordPress database. Chart.js is bundled locally — no CDN requests are made.
Privacy Policy
Crawlantix AI Bot Tracker is designed with privacy as a core principle:
Bot traffic only. The plugin only tracks automated bot traffic identified by User-Agent strings. Human visitors are not tracked and no cookies are set.
No raw IP addresses stored. All IP addresses are SHA-256 hashed with a per-install random salt (or AUTH_SALT when defined in wp-config.php) before storage. The original IP address cannot be recovered from the hash. Note: pseudonymous IP hashes may still be considered personal data under GDPR.
Data stored per bot visit: IP hash, User-Agent string, requested URL, HTTP referrer URL, request method, timestamp, and derived fields (bytes transferred, bot verification status). Referrer URLs may contain personal data depending on the referring site.
WordPress Privacy API integration. The plugin registers exporter and eraser callbacks with WordPress core, so data-subject access and erasure requests filed through Tools → Personal Data flow correctly.
No external data transmission. All analytics data remains in your local WordPress database. No data is sent to Crawlantix or third-party services. The only external communication is DNS lookups for bot verification (see External Services above).
Data retention controls. Bot visit data is automatically pruned after 30 days. Administrators can delete all collected data on uninstall via the “Delete Data on Uninstall” Settings toggle.
For sites that require a formal privacy policy disclosure, you may note: “We use the Crawlantix AI Bot Tracker plugin to monitor automated AI bot traffic to our site. This plugin records bot User-Agent strings, pseudonymous IP hashes, pages visited, referrer URLs, and timestamps for detected bot traffic only. Raw IP addresses are cryptographically hashed before storage. No human visitor data is collected.”
Premium Version
Crawlantix also offers paid tiers at crawlantix.com for site owners who need active bot defense in addition to monitoring. The paid build adds the following features on top of everything in this free version:
Protect tier
Active honeypot responses: HTTP 403 block, tarpit (random 5–25s delay with worker-exhaustion safeguards), rate limit 429, decoy content, shadowban.
Auto-block of repeat honeypot offenders, with configurable thresholds.
Per-IP response rules — apply a chosen response strategy to specific IP hashes (up to 200 rules).
Custom honeypot paths (up to 5) with a reserved-route safety list.
Email alerts for honeypot hits and parameter explosion patterns.
Robots.txt trap entries that catch non-compliant scrapers.
Optional override that suppresses the WordPress core /wp/v2/users REST endpoints (username-enumeration hardening, off by default and easy to opt back in).
Optimize tier
Full REST API at /wp-json/ai-tracker/v1/ with API key authentication and 13 endpoints (status, stats, page, trends, bots, top-pages, report, export, alerts, honeypot, crawled-pages, etc.).
GeoIP location tracking with MaxMind GeoLite2.
Crawl Analytics tab with deeper traffic-quality metrics.
Extended data retention up to 365 days.
Scale tier
Backup & restore — export all data as JSON; import with merge or replace modes.
Unlimited retention.
Priority support.
The paid build is a drop-in upgrade: same plugin slug, same database tables, same option keys, so all your historical bot data carries over with no migration step on your part.
