Plugin: botblocker-security (Used by 49 domains)

WordPress Security Plugin & Firewall (WAF)

Every day, automated bots and hackers bombard websites with attacks. Mass botnets, fake search engine crawlers, brute-force login attempts, and spam bots can overwhelm your WordPress site – stealing data, overloading your server, and defacing content. It’s a 24/7 threat to your business. If you’re looking for WordPress site protection, you need a proactive defense that stops these attacks before they reach your website.

BotBlocker Security is the all-in-one solution to keep your site safe from automated threats. This powerful WordPress security plugin and Web Application Firewall (WAF) acts as a dedicated anti-bot firewall, blocking malicious traffic at the front gate without slowing down your site.

BotBlocker’s setup and onboarding experience allows anyone to secure their WordPress site in under 1 minute, regardless of technical expertise. You can rest assured knowing you have enabled the right site protection settings to protect your website.

🔥 WordPress Firewall (WAF)

BotBlocker Security includes an endpoint firewall/WAF that identifies and blocks malicious traffic before it reaches WordPress. Built and maintained by a team focused 100% on WordPress security, our Web Application Firewall protects your site while reducing server load.

BotBlocker intercepts bad traffic at the earliest stage – even before WordPress or your theme loads. By running as a must-use plugin (MU-plugin) on early init, it blocks threats before WordPress initializes, drastically reducing server load during attacks.

Key Firewall Features:

• Real-time firewall rule updates via the BotBlocker Threat Defense Feed
• Real-time IP Blocklist blocks all requests from the most malicious IPs
• Early-init protection – blocks threats before WordPress loads
• Cloud-based threat intelligence – cross-checks every visitor against global threat databases
• No visitor data collected – only technical request parameters analyzed (GDPR/CCPA-compliant)
• Brute force protection with login attempt limits and multi-layer verification

📡 WordPress Security Scanner & Site Protection

Every attempt to access your site is thoroughly analyzed and filtered. BotBlocker provides comprehensive site protection across all entry points:

• XML-RPC and API Protection – all endpoints blocked by default. Create access rules for trusted services and add allowed URLs for payment plugins
• Spam Prevention – spammers cannot connect to your site. Automatically block IP addresses that exceed spam comment thresholds
• File Access Protection – theme and plugin files securely protected from unauthorized access
• Deep Analysis – User-Agent, Accept-Language, GeoIP, PTR, DNSBL, cookies, browser fingerprint, AdBlock, Incognito detection
• Network & Protocol Control – block obsolete HTTP/1.0 clients and disable IPv6 if not used. Cloudflare-aware protection blocks origin bypass attempts

🔒 Login Security & 2FA

All login attempts pass through multi-layer filtering and CAPTCHA verification:

• Two-Factor Authentication Support – 2FA enhanced login security for admin area. Backup codes for recovery access. Universal 2FA app support – works with Google Authenticator, Authy, etc.
• Multi-layer CAPTCHA Protection – color buttons, animal images, floating shapes, floating math, Google reCAPTCHA v2/v3, and more. Any internal CAPTCHA can be combined with reCAPTCHA v3 for dual-layer protection
• Brute Force Protection – configurable login attempt limits. Failed attempts trigger temporary bans, with escalating penalties for repeated failures
• Advanced Anti-bot Challenges – proprietary CAPTCHA designed to be nearly impossible to bypass, even by AI-based anti-CAPTCHA services
• Intelligent Ban System – failed CAPTCHA results in configurable ban periods. Repeated failures trigger 24-hour bans
• Admin Access Simplification – special mechanism to ease site administrator login while maintaining security
• XML-RPC Control – options including complete disabling

🛠️ Security Tools

Comprehensive tools to block attackers and monitor your site in real-time:

• Advanced Blocking Rules – block by IP or build rules based on IP Range, Hostname, User Agent, Referrer, PTR record, ASN, country, city, and more
• IP-PTR-Host Mismatch Detection – automatically detect and block fake crawlers (e.g., fake Googlebots)
• Blacklist & Whitelist Management – instantly allow or block any IP, ASN, range, or User-Agent
• Live Traffic Monitoring – see all traffic in real-time: robots, humans, 404 errors, logins/logouts, file requests, and content consumption
• Server IP Identification – prevent lockouts by automatically identifying and protecting server IPs
• Visual Dashboard – intuitive charts and stats showing blocked attacks, world map of threat origins, top offending IPs/countries
• Detailed Security Log – every event logged with IP address, user agent, country, and blocking reason
• Hide Login URL (Premium Addon)

⚡ Performance & Integration

BotBlocker’s robust defense won’t slow your site down – in fact, it often improves performance under attack:

• Lightweight & Fast – negligible overhead in normal conditions. Reduces database and server load during attacks
• Built-in Caching – Redis and Memcached support for high-traffic environments
• Cache Plugin Compatibility – automatic DONOTCACHEPAGE + Cache-Control: no-store on verification pages. Works with WP Super Cache (PHP mode), W3 Total Cache, WP Rocket, LiteSpeed Cache, Hummingbird, and more. Server-level caches (Nginx FastCGI, Varnish, Cloudflare) may need a cookie-based bypass rule – see docs/CACHE-COMPATIBILITY.md
• DDoS Protection Compatibility – automatic detection of JS-challenges from DDoS-Guard, Stormwall, and similar services. See docs/DDOS-COMPATIBILITY.md for advanced configuration
• Seamless Compatibility – works with Cloudflare, CDN services, caching plugins, and optimizers
• Full IPv6 Support – all security functions work with both IPv4 and IPv6
• Server Optimization (Premium Addon) – additional performance enhancements for high-traffic sites

👤 Easy Setup & User-Friendly Interface

You don’t have to be a security expert to use BotBlocker:

• Quick Installation Wizard – step-by-step setup guide for configuration in under 1 minute
• Intuitive Admin Panel – organized settings with clear descriptions and tooltips
• Multilingual – translated into English, Spanish, German, French, Polish, Russian, Ukrainian, and more
• No Conflicts – built following WordPress best practices, tested with recent WP versions
• Adjustable Logging – configurable retention periods with time zone awareness and daylight saving support

Security first – BotBlocker’s on guard!

🔥 PRO Version

Upgrade to PRO for enhanced protection and performance features:

• Real-time cloud threat intelligence checks against global databases
• Hide login URL and protect against targeted attacks
• Early-init (Before WordPress loads) filtering for maximum performance and security
• Speed optimization features for high-traffic sites
• Server optimization features for high-traffic sites
• Priority support and updates
• Access to premium add-ons

Features

Detection & Analysis

BotBlocker employs advanced multi-layer detection to identify and block threats:

Detection Mechanisms:

• Local and cloud signature databases with real-time updates
• IP reputation and blacklist checks with global threat intelligence
• DNS-based and PTR lookups to detect fake crawlers
• Heuristic and behavioral analysis for suspicious patterns
• Browser fingerprint and feature mismatch detection
• Header and protocol validation
• JavaScript challenge and capability verification
• Multi-layered CAPTCHA verification

Comprehensive Request Analysis:

• Network & IP: Full IPv4/IPv6 support, blacklist/whitelist, country/GeoIP, ASN, hosting/VPN detection, TOR detection, PTR/DNSBL checks
• Browser & Client: User-Agent validation, browser/OS/device detection, fingerprint analysis, headless browser detection, JavaScript/cookie support
• Headers & Protocol: Accept-Language, Referer validation, HTTP version control, Cloudflare/proxy detection
• Advanced Fingerprinting: Font rendering, WebGL, media devices, touch events, battery API, permissions, timing analysis, plugin verification

CAPTCHA Modes

Choose from various CAPTCHA types to protect your site:

• Single Button – one-click verification for quick validation
• Google reCAPTCHA v2 – standard image/checkbox challenge
• Google reCAPTCHA v3 – invisible background scoring
• BotBlocker Color CAPTCHA – select colored buttons challenge
• BotBlocker Digits CAPTCHA – floating math challenge
• BotBlocker Images CAPTCHA – animal image selection
• BotBlocker Shapes CAPTCHA – floating shapes challenge
• Hybrid Mode – combine any CAPTCHA with reCAPTCHA v3 for dual-layer protection

Additional Capabilities

• Early-init & MU plugin support
• Real-time cloud threat checks
• Dynamic and graphical anti-bot challenges
• Automatic logging with adjustable retention
• Session tracking and verification
• No visitor data collected — GDPR/CCPA-compliant (see FAQ for admin notification details)

Privacy

BotBlocker Security does not collect or process personal data of your visitors. All cloud analysis is performed on technical parameters only (IP, headers, User-Agent). No personally identifiable information is collected, stored, or transmitted to any external service.

Support and Documentation

• Product site: https://botblocker.top/products/
• Documentation: https://botblocker.top/docs/
• Contact/support: https://botblocker.top/contacts/
• Community: https://botblocker.top/community/

License

This plugin is licensed under the GPLv2 or later. See LICENSE.txt for details.

Credits & Authors

BotBlocker Security is developed and maintained by GLOBUS.studio.

• Concept, architecture & code – Yevhen Leonidov: https://leonidov.dev/
• Code, code review – Andrii Lukashevych
• Code, translations – Aleksandr Kinakh

BotBlocker Security – The first line of defense for your WordPress site.