plugin-icon

BotBlocker Security – Firewall & Bot Protection

Di Yevhen Leonidov·
Protect your WordPress site: firewall, bot & brute-force protection, anti-spam, multi-layer CAPTCHA, optional cloud threat intel.
anti-spam
Brute Force
captcha
Valutazione
5/5
Versione
1.6.8
Installazioni attive
500
Ultimo aggiornamento
Dec 15, 2025
BotBlocker Security – Firewall & Bot Protection

WordPress Security Plugin & Firewall (WAF)

Every day, automated bots and hackers bombard websites with attacks. Mass botnets, fake search engine crawlers, brute-force login attempts, and spam bots can overwhelm your WordPress site – stealing data, overloading your server, and defacing content. It’s a 24/7 threat to your business. If you’re looking for WordPress site protection, you need a proactive defense that stops these attacks before they reach your website.

BotBlocker Security is the all-in-one solution to keep your site safe from automated threats. This powerful WordPress security plugin and Web Application Firewall (WAF) acts as a dedicated anti-bot firewall, blocking malicious traffic at the front gate without slowing down your site.

BotBlocker’s setup and onboarding experience allows anyone to secure their WordPress site in under 1 minute, regardless of technical expertise. You can rest assured knowing you have enabled the right site protection settings to protect your website.

🔥 WordPress Firewall (WAF)

BotBlocker Security includes an endpoint firewall/WAF that identifies and blocks malicious traffic before it reaches WordPress. Built and maintained by a team focused 100% on WordPress security, our Web Application Firewall protects your site while reducing server load.

BotBlocker intercepts bad traffic at the earliest stage – even before WordPress or your theme loads. By running as a must-use plugin (MU-plugin) on early init, it blocks threats before WordPress initializes, drastically reducing server load during attacks.

Key Firewall Features:

  • Real-time firewall rule updates via the BotBlocker Threat Defense Feed
  • Real-time IP Blocklist blocks all requests from the most malicious IPs
  • Early-init protection – blocks threats before WordPress loads
  • Cloud-based threat intelligence – cross-checks every visitor against global threat databases
  • No personal data collected – only technical request parameters analyzed (100% GDPR/CCPA-compliant)
  • Brute force protection with login attempt limits and multi-layer verification

📡 WordPress Security Scanner & Site Protection

Every attempt to access your site is thoroughly analyzed and filtered. BotBlocker provides comprehensive site protection across all entry points:

  • XML-RPC and API Protection – all endpoints blocked by default. Create access rules for trusted services and add allowed URLs for payment plugins
  • Spam Prevention – spammers cannot connect to your site. Automatically block IP addresses that exceed spam comment thresholds
  • File Access Protection – theme and plugin files securely protected from unauthorized access
  • Deep Analysis – User-Agent, Accept-Language, GeoIP, PTR, DNSBL, cookies, browser fingerprint, AdBlock, Incognito detection
  • Network & Protocol Control – block obsolete HTTP/1.0 clients and disable IPv6 if not used. Cloudflare-aware protection blocks origin bypass attempts

🔒 Login Security & Bot Protection

All login attempts pass through multi-layer filtering and CAPTCHA verification:

  • Multi-layer CAPTCHA Protection – color buttons, animal images, floating shapes, floating math, Google reCAPTCHA v2/v3
  • Advanced Anti-bot Challenges – proprietary CAPTCHA designed to be nearly impossible to bypass, even by AI-based anti-CAPTCHA services
  • Intelligent Ban System – failed CAPTCHA results in configurable ban periods. Repeated failures trigger 24-hour bans
  • Admin Access Simplification – special mechanism to ease site administrator login while maintaining security
  • XML-RPC Control – options including complete disabling
  • Two-Factor Authentication Support – enhanced login security for administrators

🛠️ Security Tools

Comprehensive tools to block attackers and monitor your site in real-time:

  • Advanced Blocking Rules – block by IP or build rules based on IP Range, Hostname, User Agent, Referrer, PTR record, ASN, country, city, and more
  • IP-PTR-Host Mismatch Detection – automatically detect and block fake crawlers (e.g., fake Googlebots)
  • Blacklist & Whitelist Management – instantly allow or block any IP, ASN, range, or User-Agent
  • Live Traffic Monitoring – see all traffic in real-time: robots, humans, 404 errors, logins/logouts, file requests, and content consumption
  • Server IP Identification – prevent lockouts by automatically identifying and protecting server IPs
  • Visual Dashboard – intuitive charts and stats showing blocked attacks, world map of threat origins, top offending IPs/countries
  • Detailed Security Log – every event logged with IP address, user agent, country, and blocking reason
  • Hide Login URL (Premium Addon)

⚡ Performance & Integration

BotBlocker’s robust defense won’t slow your site down – in fact, it often improves performance under attack:

  • Lightweight & Fast – negligible overhead in normal conditions. Reduces database and server load during attacks
  • Built-in Caching – Redis and Memcached support for high-traffic environments
  • Seamless Compatibility – works with Cloudflare, CDN services, caching plugins, and optimizers
  • Full IPv6 Support – all security functions work with both IPv4 and IPv6
  • Server Optimization (Premium Addon) – additional performance enhancements for high-traffic sites

👤 Easy Setup & User-Friendly Interface

You don’t have to be a security expert to use BotBlocker:

  • Quick Installation Wizard – step-by-step setup guide for configuration in under 1 minute
  • Intuitive Admin Panel – organized settings with clear descriptions and tooltips
  • Multilingual – translated into English, Spanish, German, French, Polish, Russian, Ukrainian, and more
  • No Conflicts – built following WordPress best practices, tested with recent WP versions
  • Adjustable Logging – configurable retention periods with time zone awareness and daylight saving support

Security first – BotBlocker’s on guard!

Features

Detection & Analysis

BotBlocker employs advanced multi-layer detection to identify and block threats:

Detection Mechanisms:

  • Local and cloud signature databases with real-time updates
  • IP reputation and blacklist checks with global threat intelligence
  • DNS-based and PTR lookups to detect fake crawlers
  • Heuristic and behavioral analysis for suspicious patterns
  • Browser fingerprint and feature mismatch detection
  • Header and protocol validation
  • JavaScript challenge and capability verification
  • Multi-layered CAPTCHA verification

Comprehensive Request Analysis:

  • Network & IP: Full IPv4/IPv6 support, blacklist/whitelist, country/GeoIP, ASN, hosting/VPN detection, TOR detection, PTR/DNSBL checks
  • Browser & Client: User-Agent validation, browser/OS/device detection, fingerprint analysis, headless browser detection, JavaScript/cookie support
  • Headers & Protocol: Accept-Language, Referer validation, HTTP version control, Cloudflare/proxy detection
  • Advanced Fingerprinting: Font rendering, WebGL, media devices, touch events, battery API, permissions, timing analysis, plugin verification

CAPTCHA Modes

Choose from various CAPTCHA types to protect your site:

  • Single Button – one-click verification for quick validation
  • Google reCAPTCHA v2 – standard image/checkbox challenge
  • Google reCAPTCHA v3 – invisible background scoring
  • BotBlocker Color CAPTCHA – select colored buttons challenge
  • BotBlocker Digits CAPTCHA – floating math challenge
  • BotBlocker Images CAPTCHA – animal image selection
  • BotBlocker Shapes CAPTCHA – floating shapes challenge
  • Hybrid Mode – combine any CAPTCHA with reCAPTCHA v3 for dual-layer protection

Additional Capabilities

  • Early-init & MU plugin support
  • Real-time cloud threat checks
  • Dynamic and graphical anti-bot challenges
  • Automatic logging with adjustable retention
  • Session tracking and verification
  • No personal data collected (100% GDPR/CCPA-compliant)

Privacy

BotBlocker Security does not collect or process personal data of your visitors. All cloud analysis is performed on technical parameters only (IP, headers, User-Agent). No personally identifiable information is collected, stored, or transmitted to any external service.

Support and Documentation

License

This plugin is licensed under the GPLv2 or later. See LICENSE.txt for details.

Credits & Authors

BotBlocker Security is developed and maintained by GLOBUS.studio.

  • Concept, architecture & code – Yevhen Leonidov: https://leonidov.dev/
  • Code, code review – Andrii Lukashevych
  • Code, translations – Aleksandr Kinakh

BotBlocker Security – The first line of defense for your WordPress site.

Gratuitosul piano Business
Comincia ora
Eseguendo l'installazione, accetti i Termini di servizio di WordPress.com e i Termini dei plugin di terze parti.
Testato fino alla versione
WordPress 6.9
Questo plugin ora può essere scaricato per il tuo sito .
Scarica