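Introduction
- The WordPress plugin "EDH Bad Bots" was published on 2025-09-02.
- It currently has 20 active installations.
- It was last updated on 2025-09-06, 173 days ago.
- The plugin requires WordPress 6.2 or later to install.
- The plugin requires the site's host to run PHP 7.4 or later.
- 1 person has rated it.
- No one has posted a question in the forum yet; usage may still be low, with no major problems so far.
Plugin contributors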
nbwpuk | encodedothost |
Plugin tags
dns | PTR | bots | hostname | security |
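Overview
Summary: EDH Bad Bots is an intelligent bot detection and blocking system that protects your WordPress site from unwanted crawlers and malicious bots. The plugin uses a honeypot technique to identify and block bots that do not respect your site's robots.txt directives, and offers configurable blocking methods and a clean admin interface.
1. How does EDH Bad Bots improve site security?
- Uses intelligent bot detection to identify bad bots
- Provides dual-level blocking: server-level .htaccess blocking and PHP-level blocking
- Manages an IP whitelist so that trusted IPs are never blocked
2. How do you configure EDH Bad Bots?
- Open the plugin's management panel in the WordPress admin
- Add or remove IP addresses on the Whitelisted IPs tab
- On the Options tab, choose .htaccess blocking or PHP-only blocking
3. What are the system requirements for EDH Bad Bots?
- WordPress 5.0 or higher
- PHP 7.4 or higher
- MySQL 5.6 or higher
- Apache server or Nginx; a writable .htaccess file is required
4. What security features does EDH Bad Bots provide?
- Uses WordPress nonces for CSRF protection
- Only users with the manage_options capability can access admin features
- All user input is properly sanitized and validated
Original plugin description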
EDH Bad Bots is an intelligent bot detection and blocking system that protects your WordPress site from unwanted crawlers and malicious bots. Unlike traditional blocking methods that rely on user agent strings (which can be easily spoofed), this plugin uses a honeypot technique to identify and block bots that don’t respect your site’s robots.txt directives.
Key Features
- Automatic Bot Detection: Identifies bad bots using a hidden trap URL technique
- Smart Blocking System: Blocks misbehaving bots with configurable duration (default 30 days)
- Advanced DNS Resolution: PTR record lookups with DNS over HTTPS (DoH) support for hostname identification
- Dual-Level Blocking: Server-level .htaccess blocking AND PHP-level blocking for maximum effectiveness
- Configurable Blocking Methods: Choose between .htaccess blocking (Apache) or PHP-only blocking (Nginx compatible)
- IP Whitelist Management: Protect trusted IPs from ever being blocked
- Enhanced Admin Interface: Clean dashboard with hostname display, manual hostname updates, and debug tools
- Background Processing: Automated hostname resolution via WordPress cron jobs
- Zero False Positives: Legitimate search engine bots that follow robots.txt rules are never affected
- Database Optimization: Automatic cleanup of expired blocks to maintain performance
- Security-First Design: All forms include proper nonce verification and user capability checks
How It Works
The plugin implements a sophisticated honeypot system:
1. Trap URL Generation: Creates a unique, hidden URL specific to your domain
2. Robots.txt Integration: Automatically adds a Disallow rule for the trap URL
3. Hidden Link Placement: Places an invisible link to the trap URL in your site’s footer
4. Bot Detection: When bad bots ignore robots.txt and follow the hidden link, they’re identified
5. Automatic Blocking: Detected bot IPs are blocked with configurable duration and immediate effect
6. Hostname Resolution: PTR record lookups identify the hostname/organization behind blocked IPs
7. Legitimate Bot Protection: Good bots (like Googlebot) respect robots.txt and never trigger the trap
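The trap flow above, modelled as an added Python example; it is not the plugin's PHP code. The HMAC-derived trap path, the `SECRET` value and all function names are assumptions made for illustration, and the 30-day default is taken from the feature list.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

SECRET = b"constructed-site-secret"   # assumption: some per-site secret
BLOCK_DAYS = 30                       # default duration named on the page


def trap_path(domain):
    """Derive a stable, hard-to-guess trap path for one domain (assumed scheme)."""
    digest = hmac.new(SECRET, domain.lower().encode(), hashlib.sha256).hexdigest()
    return f"/{digest[:16]}/"


def robots_txt(existing, domain):
    """Append a Disallow rule for the trap path, exactly once."""
    rule = f"Disallow: {trap_path(domain)}"
    if rule in existing:
        return existing
    return existing.rstrip("\n") + f"\nUser-agent: *\n{rule}\n"


def handle_request(ip, path, domain, blocked, whitelist, now):
    """Return 'blocked', 'trapped' or 'ok'; `blocked` maps ip -> expiry time."""
    expiry = blocked.get(ip)
    if expiry is not None and expiry <= now:
        del blocked[ip]               # expired block: clean it up
        expiry = None
    if ip in whitelist:
        return "ok"                   # whitelisted IPs are never blocked
    if expiry is not None:
        return "blocked"
    if path == trap_path(domain):     # only a client ignoring robots.txt lands here
        blocked[ip] = now + timedelta(days=BLOCK_DAYS)
        return "trapped"
    return "ok"
```

The whitelist check runs before the trap check, so an administrator who follows the hidden link from a whitelisted address is not locked out.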
Configuration
Admin Dashboard
Access the plugin dashboard at Tools > Bad Bots in your WordPress admin:
Whitelisted IPs Tab
- Add IP addresses that should never be blocked
- Remove IPs from the whitelist
- View all currently whitelisted addresses with timestamps
Blocked Bots Tab
- View all currently blocked IP addresses with hostnames
- See when each IP was blocked and when the block expires
- Manually update missing hostnames for better identification
- Force refresh all hostnames to clear cache and re-resolve
- Debug hostname resolution issues (when WP_DEBUG is enabled)
- Manually unblock IPs if needed
Options Tab
- .htaccess Blocking: Enable/disable server-level IP blocking via .htaccess file
- Block Duration: Configure how many days to block detected bots
- Configure blocking method based on your server setup (Apache vs Nginx)
- Server-level blocking bypasses caching for immediate effect
Help Tab
- Detailed explanation of how the plugin works
- Best practices for managing IPs
- Information about .htaccess blocking options
- Unique trap URL for caching plugin exclusion
Requirements
- WordPress 6.2 or higher
- PHP 7.4 or higher
- MySQL 5.6 or higher
- Apache server (for .htaccess blocking) or Nginx (PHP-only blocking)
- Writable .htaccess file (if using Apache server-level blocking)
Technical Details
Database Tables
The plugin creates two custom database tables:
- wp_edhbb_blocked_bots: Stores blocked IP addresses with expiration dates and hostnames
- wp_edhbb_whitelisted_ips: Stores permanently whitelisted IP addresses
DNS Resolution System
The plugin includes an advanced DNS lookup system:
DNS over HTTPS (DoH) Support
- Primary providers: Cloudflare DNS, Google DNS
- Secure queries: HTTPS-encrypted DNS requests for enhanced privacy
- Fallback system: Automatic fallback to traditional DNS methods
PTR Record Lookups
- Reverse DNS: Converts IP addresses to hostnames for better identification
- IPv4 and IPv6 support: Full support for both IP versions
- Caching: Results cached for 1 hour to improve performance
- Background processing: Automated hostname resolution via WordPress cron
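An added Python example (not the plugin's code) of the PTR lookup described above: it builds the reverse-lookup name for IPv4 and IPv6, forms the DoH JSON query URL, parses the answer, and caches it for one hour with provider fallback. The sample response is constructed and the function names are illustrative; the two URLs are the public Cloudflare and Google JSON endpoints, and that the plugin calls exactly these is an assumption.

```python
import ipaddress
import json
from urllib.parse import urlencode

# Public DoH JSON endpoints; that the plugin calls these exact URLs is an assumption.
DOH_ENDPOINTS = ["https://cloudflare-dns.com/dns-query", "https://dns.google/resolve"]
PTR_TYPE = 12      # DNS resource-record type number for PTR
CACHE_TTL = 3600   # the page states that results are cached for 1 hour
_cache = {}

# Constructed sample of a DoH JSON answer (documentation IP and hostname).
SAMPLE = json.dumps({"Status": 0, "Answer": [{
    "name": "7.113.0.203.in-addr.arpa", "type": 12, "TTL": 300,
    "data": "crawler-7.example.net."}]})


def ptr_name(ip):
    """203.0.113.7 -> 7.113.0.203.in-addr.arpa; IPv6 -> nibbles under ip6.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer   # ValueError if malformed


def doh_url(endpoint, ip):
    """Query URL; request it with the header 'Accept: application/dns-json'."""
    return endpoint + "?" + urlencode({"name": ptr_name(ip), "type": "PTR"})


def parse_ptr(body):
    """Return the hostname from a DoH JSON answer, or None if there is no PTR."""
    data = json.loads(body)
    if data.get("Status") != 0:                       # 0 = NOERROR, 3 = NXDOMAIN
        return None
    for rr in data.get("Answer", []):
        if rr.get("type") == PTR_TYPE:
            return rr.get("data", "").rstrip(".").lower() or None
    return None


def cached_lookup(ip, fetch, now):
    """fetch(url) returns the response body; try each provider, cache the result."""
    hit = _cache.get(ip)
    if hit and now - hit[0] < CACHE_TTL:
        return hit[1]
    urls = [doh_url(e, ip) for e in DOH_ENDPOINTS]    # validates ip before any I/O
    host = None
    for url in urls:
        try:
            host = parse_ptr(fetch(url))
            break
        except (OSError, ValueError):                 # provider down or bad JSON
            continue
    _cache[ip] = (now, host)
    return host
```

A PTR record is set by whoever controls the reverse zone for that IP, so the hostname is an identification aid rather than proof of origin; resolve the returned name forward and compare it with the IP before treating it as verified.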
Blocking Methods
The plugin offers two blocking approaches:
1. Server-Level Blocking (.htaccess)
- Default method for Apache servers
- Blocks IPs at the server level before WordPress loads
- Bypasses caching plugins for immediate effect
- More efficient and faster blocking
- Automatically manages .htaccess file with unique markers
- Safe cleanup on plugin deactivation
2. PHP-Level Blocking
- Alternative method for Nginx or when .htaccess is unavailable
- Blocks IPs during WordPress initialization
- Compatible with all web servers
- May be affected by caching plugins
- No server configuration files modified
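An added Python model (not the plugin's code) of marker-delimited .htaccess management as described above: the managed block is rebuilt from the current block list, whitelisted IPs are left out, and everything outside the markers stays untouched. The marker strings and function names are assumptions; the directives use Apache 2.4 `Require` syntax.

```python
import ipaddress
import re

# Hypothetical markers; the plugin's real marker text is not shown on the page.
BEGIN, END = "# BEGIN EDHBB-EXAMPLE", "# END EDHBB-EXAMPLE"
_BLOCK = re.compile(re.escape(BEGIN) + r".*?" + re.escape(END) + r"\n?", re.S)


def build_block(blocked, whitelist):
    """Render deny rules for blocked IPs that are valid and not whitelisted."""
    lines = [BEGIN, "<RequireAll>", "    Require all granted"]
    for ip in sorted(set(blocked) - set(whitelist)):
        try:
            addr = ipaddress.ip_address(ip)   # never write unvalidated text
        except ValueError:
            continue                          # skip anything that is not an IP
        lines.append(f"    Require not ip {addr}")
    lines += ["</RequireAll>", END]
    return "\n".join(lines) + "\n"


def update_htaccess(content, blocked, whitelist):
    """Replace the managed block (or prepend it), leaving other rules intact."""
    return build_block(blocked, whitelist) + _BLOCK.sub("", content)


def remove_block(content):
    """Deactivation cleanup: drop only the text between the markers."""
    return _BLOCK.sub("", content)
```

Parsing every entry with `ipaddress` before writing it matters because the file is server configuration: a stored value containing a newline would otherwise become an extra directive.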
Security Features
- Nonce Verification: All forms use WordPress nonces for CSRF protection
- Capability Checks: Only users with manage_options capability can access admin features
- Input Sanitization: All user inputs are properly sanitized and validated
- SQL Injection Protection: All database queries use prepared statements
- Safe .htaccess Management: Uses unique markers and automatic cleanup
Performance Optimization
- Automatic Cleanup: Expired blocks are automatically removed from the database
- Efficient Queries: Database operations are optimized for minimal performance impact
- Smart Loading: Admin assets only load on the plugin’s admin page
- Server-Level Blocking: .htaccess blocking prevents blocked requests from reaching PHP
- Whitelist Filtering: Whitelisted IPs are excluded from .htaccess rules automatically
- DNS Caching: Hostname lookups cached to reduce DNS query overhead
- Background Processing: Hostname resolution runs in background to avoid delays
API Hooks
Actions
- plugins_loaded: Plugin initialization
- init: Early request blocking check
- template_redirect: Bot trap detection
- wp_footer: Hidden link injection
- admin_menu: Admin page registration
- edhbb_update_hostnames_cron: Background hostname resolution
Filters
- robots_txt: Adds disallow rule to robots.txt
File Structure
```
edh-bad-bots/
├── admin/
│   └── views/
│       └── admin-display.php       # Admin interface HTML
├── assets/
│   ├── css/
│   │   └── admin-style.css         # Admin page styling
│   └── js/
│       └── admin-script.js         # Admin page JavaScript
├── includes/
│   ├── class-edhbb-admin.php       # Admin functionality
│   ├── class-edhbb-blocker.php     # Bot detection and blocking
│   ├── class-edhbb-database.php    # Database operations
│   └── class-edhbb-dnslookup.php   # DNS/PTR lookup system
├── edh-bad-bots.php                # Main plugin file
├── LICENSE
└── readme.txt
```
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Development Setup
1. Clone the repository to your WordPress plugins directory
2. Ensure you have a WordPress development environment running
3. Activate the plugin and test your changes
License
This project is licensed under the GPL v3 or later.
Author
EncodeDotHost
- Website: https://encode.host
- GitHub: @EncodeDotHost
Contributors
@nbwpuk
Support
For support, please visit https://encode.host or create an issue on the GitHub repository.
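Download options for each version
- Method 1: Click a version-number link below to download the ZIP file, log in to the site admin, open "Plugins" > "Add Plugin" in the left menu, choose "Upload Plugin" at the top, then upload the downloaded ZIP package to install and activate it.
- Method 2: Use the search box on the right side of the "Add Plugin" screen and search for the plugin name "EDH Bad Bots" to install it.
(Method 2 is recommended, to make sure the installed version matches the WordPress environment currently running.)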
