Description
BotFirewall is a powerful and modern plugin designed to protect your WordPress site from malicious bots, spam, and DDoS attacks. Using advanced JavaScript verification and encrypted cookies, BotFirewall ensures robust security without disrupting the experience of real users.
Why Do You Need BotFirewall?
In today’s internet landscape, bots make up a significant portion of web traffic, and many of them are malicious. They can attack your site, send spam, scrape content, or attempt to hack login pages like wp-login.php. BotFirewall addresses these threats by providing smart and flexible protection that:
– Blocks bots with seamless JavaScript verification that most bots cannot pass.
– Secures key pages like wp-login.php and wp-signup.php from unauthorized access.
– Uses encrypted cookies to ensure only verified users gain access.
– Offers customizable settings through an intuitive interface in the WordPress admin panel.
Key Features of BotFirewall
- JavaScript Verification: Ensures visitors can execute JavaScript, effectively filtering out most bots.
- Encrypted Cookies: Cookies are tied to IP and User-Agent for enhanced security against spoofing.
- Customizable Page Protection: Enable or disable protection for
wp-login.phpandwp-signup.phppages via settings. - Whitelist and Blacklist: Configure lists of allowed bots (e.g., Googlebot) and IPs, and block known malicious IPs, including subnet support (e.g., 192.168.0.0/24).
- Exclude URLs: Specify URLs to bypass bot protection entirely (e.g., for APIs or specific pages).
- Real-Time Statistics: Monitor bot activity with detailed stats – filter by time periods (Last 24 hours, Last Week, Last Month).
- Action Logging: Logs blocks and successful verifications with URL details, keeping data for the last 30 days.
- Allowed Bots Tab: Easily select known bots to allow without verification, with quick filters for bot types.
- Recent Activity: View the latest 10 logged sessions with details like IP, URL, and status.
- Lightweight and Fast: Optimized for minimal impact on site performance.
- Clean Uninstall: Removes all data, including logs and settings, upon deactivation and deletion.
- Customizable Verification Page: Tailor the text (title, description, countdown), CSS styling, and logo of the verification page to match your site’s design.
- Enhanced Support: Get assistance directly through Live Chat in the Support tab for quick resolution of issues.
How Does BotFirewall Work?
BotFirewall employs a multi-layered protection system:
1. Cookie Check: If a visitor has a valid cookie, they bypass additional checks.
2. Whitelist: Known “good” bots (e.g., search engine crawlers) are automatically allowed.
3. JavaScript Verification: If no cookie is present, the visitor is redirected to a verification page where they must execute a JavaScript request. Bots unable to run JavaScript are blocked.
4. Login Page Protection: Optionally protect wp-login.php and wp-signup.php to prevent brute-force attacks.
5. Post-Verification Redirect: After successful verification, the user is redirected to their original page, and a cookie is set for future visits.
Why BotFirewall is a Must-Have for Your Site
- Spam and DDoS Protection: Effectively blocks bots that attempt to spam or overload your site.
- Login Security: Safeguards
wp-login.phpandwp-signup.phpfrom unauthorized access and brute-force attacks. - Flexibility: Customize protection with whitelists, blacklists, cookie lifetime settings, and verification page styling.
- Transparency: Detailed statistics and logs let you monitor bot activity.
- Ease of Use: A user-friendly interface in the WordPress admin panel makes configuration a breeze.
- Professional Look: Customize the verification page with your own text, styles, logo, and a modern font (Roboto) for a polished appearance.
- Reliable Support: Access our support team via Live Chat for help with any technical or security issues.
BotFirewall is an essential tool for WordPress site owners who want to protect their content, users, and server from malicious bots. Install BotFirewall today and secure your site with confidence!
Screenshots
Dashboard with activity stats and toggle. 
Settings tab with whitelist/blacklist options and page protection settings. 
Customization tab for styling the verification page. 
Allowed Bots tab for easy bot whitelisting.
Installation
- Upload the
botfirewallfolder to the/wp-content/plugins/directory. - Activate the plugin through the ‘Plugins’ menu in WordPress.
- Go to the BotFirewall menu in your admin dashboard to configure settings.
- Optionally, enable protection for
wp-login.phpandwp-signup.phpin the Settings tab. - Customize the verification page text, styling, and logo in the Customization tab.
FAQ
-
How does BotFirewall detect bots?
-
BotFirewall uses JavaScript verification to detect bots. If a visitor cannot execute JavaScript, they are considered a bot and blocked. Additionally, it checks for a valid cookie to allow verified users to bypass the verification process.
-
Can I allow search engine bots like Googlebot?
-
Yes! You can add search engine bots to the whitelist in the Settings tab. For example, add “Googlebot” or “Bingbot” to the “Whitelisted Bots” list, and they will be allowed to access your site without verification.
-
Does BotFirewall protect my login page?
-
Yes, you can enable protection for
wp-login.phpandwp-signup.phpin the Settings tab. This helps prevent brute-force attacks and unauthorized access to these sensitive pages. -
What happens if a visitor fails verification?
-
If a visitor fails verification (e.g., they cannot execute JavaScript), they will be blocked, and the attempt will be logged in
/wp-content/botfirewall-logs/blocked.logwith details like IP, User-Agent, URL, and timestamp. -
Does BotFirewall slow down my site?
-
No, BotFirewall is lightweight and optimized for performance. It only triggers verification for unverified visitors, and the process is seamless for real users.
-
Can I customize the verification process?
-
Yes, you can customize the cookie lifetime, whitelist bots and IPs, blacklist IPs, and choose whether to protect specific pages like
wp-login.phpandwp-signup.phpthrough the Settings tab. Additionally, you can customize the verification page text, styling, and logo in the Customization tab. -
What happens when I uninstall the plugin?
-
BotFirewall performs a clean uninstall, removing all its settings, logs, and data from your WordPress installation, leaving no trace behind.
-
Can I preview my verification page customizations?
-
Yes! In the Customization tab, you can use the Preview button to see how your verification page will look with the customized text, logo, and styles before saving.
-
How can I get help if I encounter issues?
-
Visit the Support tab in the BotFirewall admin panel to access our Live Chat feature, where you can get real-time assistance from our support team for any technical or security concerns.
-
Can I exclude specific URLs from bot protection?
-
Yes! In the Settings tab, you can specify URLs to exclude from bot protection using the “Exclude URLs” setting. Visitors accessing these URLs will bypass all verification checks, which is useful for pages like APIs or contact forms.
-
Can I customize the logo on the verification page?
-
Yes! In the Customization tab, you can upload a custom logo for the verification page using the “Verification Page Logo” setting. By default, the logo is set to a 350px width, which can be adjusted via the Custom CSS setting.
Reviews
Contributors & Developers
“BotFirewall” is open source software. The following people have contributed to this plugin.
Contributors
Translate “BotFirewall” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
2.3.2
- Added Exclude URLs setting to bypass bot protection for specific URLs.
- Added option to upload a custom logo for the verification page in the Customization tab.
- Enhanced logging to include URL and store logs for the last 30 days only.
- Added Allowed Bots tab with quick filters for selecting bots to whitelist.
- Added time-based filtering for statistics (Last 24 hours, Last Week, Last Month) in the Dashboard tab.
- Added Recent Activity table in the Dashboard tab, showing the latest logged sessions with URL details.
2.1.6
- Added Customization tab to allow tailoring of verification page text and CSS styling.
- Integrated local Roboto font for a modern look on the verification page.
- Added Preview and Reset buttons in the Customization tab for easier design adjustments.
- Introduced Support tab with Live Chat for real-time assistance.
2.1.5
- Initial release with JavaScript verification, encrypted cookies, and full logging.
- Added settings to protect
wp-login.phpandwp-signup.php.