Bot Lockout

Description

Bot Lockout is a security plugin that implements a lightweight cryptographic challenge system to distinguish between real browsers and automated bots. Unlike traditional CAPTCHA systems, it uses JavaScript-based cryptographic operations that are easy for humans but difficult for most bots to solve.

Key Features

  • Lightweight Protection: Uses minimal resources and doesn’t impact site performance
  • Cryptographic Challenges: SHA-256 hashing with date and user agent binding
  • Smart Whitelisting: Allow trusted bots (Google, Bing, etc.) and IP addresses
  • Flexible Configuration: Exclude specific pages and customize block messages
  • Comprehensive Logging: Track blocked attempts for analysis
  • Custom Styling: Add custom CSS to match your site’s design
  • Daily Token Expiration: Prevents long-term bypass attempts

How It Works

  1. Initial Request: When a visitor accesses your site, the plugin checks for a valid challenge token
  2. JavaScript Challenge: If no token exists, a cryptographic challenge is presented
  3. Token Generation: The challenge combines the current date with the user agent string and creates a SHA-256 hash
  4. Secure Storage: The hash is base64 encoded, truncated, and stored as a secure cookie
  5. Validation: Subsequent requests are validated against the stored token

Security Features

  • Cryptographically Secure: Uses SHA-256 hashing algorithm
  • Time-Bound: Tokens expire daily to prevent long-term bypass
  • Browser-Specific: User agent binding prevents token sharing
  • Secure Cookies: Implements proper cookie security settings
  • Whitelist Support: Allow trusted services and IP addresses

Multi-Site Support

Bot Lockout supports WordPress Multi-Site installations with both network-wide and site-specific configurations:

  • Network Activation: Apply settings to all sites in the network
  • Site-Specific Activation: Independent settings for each site
  • Mixed Configuration: Network-wide defaults with site-specific overrides

Security Advisory

Bot Lockout is one layer in a broader security strategy, not a silver bullet.

While Bot Lockout is designed to deter automated bots and AI scrapers through cryptographic JavaScript challenges, no single solution can offer complete protection. Web scraping technologies continue to evolve, and determined actors may find ways to bypass front-end defenses.

This plugin should be used as part of a multi-layered approach to website security. For best results, we recommend combining Bot Lockout with additional tools such as server-level firewalls, rate limiting, CAPTCHA systems, behavior-based threat detection, and CDN-level bot mitigation.

Kognetiks makes no guarantee that this plugin will block all unwanted bot traffic. It is intended as a proactive, lightweight defense mechanism—not a comprehensive security system. Users are responsible for evaluating their own threat model and deploying appropriate complementary protections.

Support

For support, please visit the WordPress.org support forums or check the plugin documentation.

Credits

Developer: Kognetiks

This plugin is licensed under the GPL v3 or later.

Screenshots

  • General Settings
  • Blocked Attempts Logs
  • Test challenge
  • Support

Installation

Single Site Installation

From WordPress Plugin Directory (Recommended)

  1. Go to Plugins > Add New in your WordPress admin
  2. Search for “Bot Lockout”
  3. Click Install Now and then Activate

Manual Installation

  1. Download the plugin ZIP file
  2. Go to Plugins > Add New > Upload Plugin in your WordPress admin
  3. Choose the ZIP file and click Install Now
  4. Click Activate Plugin

FTP Installation

  1. Extract the plugin files
  2. Upload the bot-lockout folder to /wp-content/plugins/
  3. Go to Plugins in your WordPress admin
  4. Find “Bot Lockout” and click Activate

Multi-Site Installation

Network Activation (Recommended)

  1. Go to My Sites > Network Admin > Plugins in your WordPress admin
  2. Find “Bot Lockout” and click Network Activate
  3. Configure settings at My Sites > Network Admin > Settings > Bot Lockout

Site-Specific Activation

  1. Go to My Sites > Network Admin > Plugins in your WordPress admin
  2. Find “Bot Lockout” and click Enable for specific sites
  3. Configure settings at Settings > Bot Lockout on each individual site

FAQ

Does this plugin block legitimate users?

No, the plugin is designed to be transparent to legitimate users. It only presents a challenge once per day per browser, and the challenge is solved automatically via JavaScript.

What happens if JavaScript is disabled?

Users with JavaScript disabled will be blocked. This is by design, as the protection relies on JavaScript execution to distinguish between real browsers and bots.

Can I whitelist specific bots?

Yes, you can add user agent strings for trusted bots like Googlebot, Bingbot, and other search engines in the plugin settings.

Does this affect site performance?

No, the plugin is designed to be lightweight. The JavaScript challenge runs only once per day per browser, and normal operation doesn’t require database queries.

Can I exclude specific pages?

Yes, you can specify pages or paths that should be excluded from protection, such as API endpoints, RSS feeds, or sitemap files.

Is this compatible with caching plugins?

Yes, the plugin works with most caching plugins. The challenge is presented before the cached content is served.

Does this work with CDNs?

Yes, the plugin is compatible with CDNs. The challenge is processed on your server before content is served through the CDN.

Can I customize the block message?

Yes, you can customize the block message and add custom CSS to match your site’s design.

How do I test if the plugin is working?

The plugin includes a built-in test tool in the admin settings that allows you to verify the challenge system works correctly.

What if I need to bypass the protection temporarily?

You can add your IP address to the whitelist in the plugin settings, or temporarily disable the plugin.

Changelog

1.0.0

  • Initial release
  • JavaScript cryptographic challenges
  • Admin settings interface
  • Whitelist support
  • Logging functionality
  • Custom CSS support
  • Test challenge tool
  • Multi-site support