English Β· Deutsch Β· EspaΓ±ol Β· FranΓ§ais Β· Polski Β· PortuguΓͺs Β· Π ΡΡΡΠΊΠΈΠΉ Β· Π£ΠΊΡΠ°ΡΠ½ΡΡΠΊΠ° Β· Ψ§ΩΨΉΨ±Ψ¨ΩΨ© Β· δΈζ Β· ζ₯ζ¬θͺ
WordPress Firewall & Bot Protection
Stop bots, brute force, spam, and fake crawlers - before they reach WordPress.
Website Β· WordPress.org Β· Documentation Β· Pricing Β· Community
BotBlocker Security blocks 99% of automated attacks before WordPress even loads. No bloat, no slowdowns, no monthly fees for core protection. Setup in 60 seconds.
Three interception layers stop bad traffic at wp-config.php (before WordPress), MU-plugin phase, and the main shield - saving 30β100ms and 5β20MB RAM per blocked request. Competitors react after WordPress boots; BotBlocker stops threats at the door.
3,000+ active installations Β· 8 languages Β· GDPR / CCPA compliant Β· Works with Cloudflare, WP Rocket, LiteSpeed, WooCommerce, Elementor, multisite, IPv6
- Three-layer firewall with real-time WAF rule updates
- 2,899 User-Agent signatures - largest blacklist among WordPress plugins
- Brute force protection with progressive lockouts and escalating bans
- Anti-spam for comments, registration, and contact forms
- Fake crawler detection via FCrDNS - 95% effective, impossible to spoof
- LLM / AI crawler management - allow or block GPTBot, ClaudeBot, PerplexityBot, Bytespider
- Country, ASN, IP range, User-Agent, Referer blocking rules
- Cloudflare-aware real-IP resolution and origin bypass protection
- Full IPv6 support - separate tables and logic for IPv4 and IPv6
- DDoS protection auto-detection - JS-challenge recognition for DDoS-Guard, Stormwall, Qrator. The only WordPress plugin that works behind aggressive DDoS protection without manual whitelisting
- Two-Factor Authentication - TOTP standard (Google Authenticator, Authy, Bitwarden)
- 9 CAPTCHA modes:
- Silent Auto-Verify -- real users pass automatically with zero clicks, bots see "Access denied"
- Shapes CAPTCHA -- 60fps Canvas with moving geometric figures, ~100x harder for AI to crack than reCAPTCHA
- Color CAPTCHA -- select the correct color combination
- Images CAPTCHA -- visual recognition challenge
- Digits CAPTCHA -- numeric verification
- Hold Button CAPTCHA -- press-and-hold human verification
- Single Button CAPTCHA -- one-click verification
- reCAPTCHA v2 -- Google's "I'm not a robot"
- reCAPTCHA v3 -- invisible score-based verification
- Hybrid CAPTCHA -- combine any internal CAPTCHA with reCAPTCHA v3 for two-layer invisible defense
- Hide login URL (PRO)
Auto-detects 25+ e-commerce platforms and 150+ payment providers (Stripe, PayPal, WooCommerce, etc.). Webhooks and IPN callbacks never get blocked.
- Live traffic monitor with attack map and 54 unique event codes
- Health Score gauge - 42 parameters, 5 security levels
- 8 interface languages - English, Deutsch, EspaΓ±ol, FranΓ§ais, Polski, Π ΡΡΡΠΊΠΈΠΉ, Π£ΠΊΡΠ°ΡΠ½ΡΡΠΊΠ°
- Clean uninstall - zero leftover data
| Feature | Free | Premium | Pro | Ultimate |
|---|---|---|---|---|
| Real-time visitor statistics | β | β | β | β |
| MU-Mode | β | β | β | β |
| Brute-force protection | β | β | β | β |
| Fake crawler detection (FCrDNS) | β | β | β | β |
| Local bot blocking | β | β | β | β |
| Redis / Memcached integration | β | β | β | β |
| Early Init Mode | -- | β | β | β |
| Cloud IP intelligence | -- | β | β | β |
| Zero-day botnet updates | -- | β | β | β |
| 5M+ bots signatures | -- | β | β | β |
| Behavioral analysis engine | -- | β | β | β |
| Cloud checks / month | -- | 25k | 100k | 250k |
| Unlock Addons | -- | β | β | β |
| Priority support | -- | β | β | β |
| Emergency support (24h) | -- | -- | -- | β |
| Monthly price | Free | $12 | $50 | $100 |
| Annual price | Free | $11/mo | $45.8/mo | $91.6/mo |
Annual billing includes 1 month free. Licensed per domain via Freemius. Compare plans β
| BotBlocker | Typical security plugins | |
|---|---|---|
| Interception point | Before WordPress loads | After WordPress boots |
| CPU/RAM per blocked request | 30β100ms / 5β20MB RAM saved | Full WordPress stack loaded |
| CAPTCHA modes | 9 (proprietary + reCAPTCHA) | 1β2 (reCAPTCHA only) |
| AI-resistant CAPTCHA | Yes -- Shapes ~100x harder to crack than reCAPTCHA (crackable for $2-3/1,000) | No |
| Free tier limits | None - full firewall, all CAPTCHAs, full 2FA | Crippled features, nag screens |
| Privacy | All data stays on your server | Telemetry, external API calls |
| Measured overhead | +3β15ms for verified visitors | +20β200ms |
- PHP 7.4β8.5
- WordPress 5.1β7.0+
- Platform Linux, Windows, shared hosting
- Database Zero DB queries for returning visitors - 9 pre-generated PHP runtime files
- Cache Redis / Memcached support (auto-disable on failure)
- CDN / DDoS Cloudflare, Sucuri, StackPath, DDoS-Guard, Stormwall compatible
- License GPL-2.0+
- π botblocker.top
- π WordPress.org Plugin
- π Documentation
- π° Pricing
- π¬ Community
- π§ Contact
Built by GLOBUS.studio Β· Yevhen Leonidov Β· Andrii Lukashevych Β· Aleksandr Kinakh