EDH Bad Bots
EDH Bad Bots is an intelligent bot detection and blocking system that protects your WordPress site from unwanted crawlers and malicious bots. Unlike traditional blocking methods that rely on user agent strings (which can be easily spoofed), this plugin uses a honeypot technique to identify and block bots that don’t respect your site’s robots.txt directives. Key Features Automatic Bot Detection: Identifies bad bots using a hidden trap URL technique Smart Blocking System: Blocks misbehaving bots with configurable duration (default 30 days) Advanced DNS Resolution: PTR record lookups with DNS over HTTPS (DoH) support for hostname identification Dual-Level Blocking: Server-level .htaccess blocking AND PHP-level blocking for maximum effectiveness Configurable Blocking Methods: Choose between .htaccess blocking (Apache) or PHP-only blocking (Nginx compatible) IP Whitelist Management: Protect trusted IPs from ever being blocked Enhanced Admin Interface: Clean dashboard with hostname display, manual hostname updates, and debug tools Background Processing: Automated hostname resolution via WordPress cron jobs Legitimate Crawler Protection: Synchronous FCrDNS verification prevents Googlebot and similar crawlers from being blocked, even if robots.txt is misconfigured robots.txt Health Check: Daily cron monitors for a physical robots.txt missing the trap Disallow rule and alerts the admin Database Optimization: Automatic cleanup of expired blocks to maintain performance Security-First Design: All forms include proper nonce verification and user capability checks How It Works The plugin implements a sophisticated honeypot system: Trap URL Generation: Creates a unique, hidden URL specific to your domain Robots.txt Integration: Automatically adds a Disallow rule for the trap URL Hidden Link Placement: Places an invisible link to the trap URL in your site’s footer Bot Detection: When bad bots ignore robots.txt and follow the hidden link, they’re identified Automatic Blocking: Detected bot IPs are blocked with configurable duration and immediate effect Hostname Resolution: PTR record lookups identify the hostname/organization behind blocked IPs Legitimate Crawler Guard: If a request to the trap URL carries a Googlebot, Bingbot, or similar User-Agent, FCrDNS is run synchronously before any block decision. Verified crawlers are whitelisted on the spot; spoofed UAs are blocked normally. robots.txt Health Check: A daily cron fetches and validates the site’s robots.txt. If a physical file is missing the Disallow rule, an admin notice is shown until the issue is resolved. Configuration Admin Dashboard Access the plugin dashboard at Tools > Bad Bots in your WordPress admin: Whitelisted IPs Tab Add IP addresses that should never be blocked Remove IPs from the whitelist View all currently whitelisted addresses with timestamps Blocked Bots Tab View all currently blocked IP addresses with hostnames See when each IP was blocked and when the block expires Manually update missing hostnames for better identification Force refresh all hostnames to clear cache and re-resolve Debug hostname resolution issues (when WP_DEBUG is enabled) Manually unblock IPs if needed Options Tab .htaccess Blocking: Enable/disable server-level IP blocking via .htaccess file Block Duration: Configure how many days to block detected bots Configure blocking method based on your server setup (Apache vs Nginx) Server-level blocking bypasses caching for immediate effect Help Tab Detailed explanation of how the plugin works Best practices for managing IPs Information about .htaccess blocking options Unique trap URL for caching plugin exclusion Requirements WordPress 6.2 or higher PHP 7.4 or higher MySQL 5.6 or higher Apache server (for .htaccess blocking) or Nginx (PHP-only blocking) Writable .htaccess file (if using Apache server-level blocking) Technical Details Database Tables The plugin creates two custom database tables: wp_edhbb_blocked_bots: Stores blocked IP addresses with expiration dates and hostnames wp_edhbb_whitelisted_ips: Stores permanently whitelisted IP addresses DNS Resolution System The plugin includes an advanced DNS lookup system: DNS over HTTPS (DoH) Support Primary providers: Cloudflare DNS, Google DNS Secure queries: HTTPS-encrypted DNS requests for enhanced privacy Fallback system: Automatic fallback to traditional DNS methods PTR Record Lookups Reverse DNS: Converts IP addresses to hostnames for better identification IPv4 and IPv6 support: Full support for both IP versions Caching: Results cached for 1 hour to improve performance Background processing: Automated hostname resolution via WordPress cron Blocking Methods The plugin offers two blocking approaches: 1. Server-Level Blocking (.htaccess) Default method for Apache servers Blocks IPs at the server level before WordPress loads Bypasses caching plugins for immediate effect More efficient and faster blocking Automatically manages .htaccess file with unique markers Safe cleanup on plugin deactivation 2. PHP-Level Blocking Alternative method for Nginx or when .htaccess is unavailable Blocks IPs during WordPress initialization Compatible with all web servers May be affected by caching plugins No server configuration files modified Security Features Nonce Verification: All forms use WordPress nonces for CSRF protection Capability Checks: Only users with manage_options capability can access admin features Input Sanitization: All user inputs are properly sanitized and validated SQL Injection Protection: All database queries use prepared statements Safe .htaccess Management: Uses unique markers and automatic cleanup Performance Optimization Automatic Cleanup: Expired blocks are automatically removed from the database Efficient Queries: Database operations are optimized for minimal performance impact Smart Loading: Admin assets only load on the plugin’s admin page Server-Level Blocking: .htaccess blocking prevents blocked requests from reaching PHP Whitelist Filtering: Whitelisted IPs are excluded from .htaccess rules automatically DNS Caching: Hostname lookups cached to reduce DNS query overhead Background Processing: Hostname resolution runs in background to avoid delays API Hooks Actions plugins_loaded: Plugin initialization init: Early request blocking check template_redirect: Bot trap detection wp_footer: Hidden link injection admin_menu: Admin page registration admin_notices: robots.txt misconfiguration warning edhbb_update_hostnames_cron: Background hostname resolution (hourly) edhbb_check_robots_txt_cron: robots.txt Disallow validation (daily) Filters robots_txt: Adds disallow rule to robots.txt edhbb_trusted_crawler_domains: Customise the FCrDNS hostname suffixes used to identify legitimate crawlers (e.g. .googlebot.com) edhbb_trusted_crawler_ua_patterns: Customise the User-Agent tokens that trigger a synchronous FCrDNS check on trap hits (e.g. googlebot, bingbot) File Structure ` edh-bad-bots/ ├── admin/ │ └── views/ │ └── admin-display.php # Admin interface HTML ├── assets/ │ ├── css/ │ │ └── admin-style.css # Admin page styling │ └── js/ │ └── admin-script.js # Admin page JavaScript ├── includes/ │ ├── class-edhbb-admin.php # Admin functionality │ ├── class-edhbb-blocker.php # Bot detection and blocking │ ├── class-edhbb-database.php # Database operations │ └── class-edhbb-dnslookup.php # DNS/PTR lookup system ├── edh-bad-bots.php # Main plugin file ├── LICENSE └── readme.txt ` Contributing Contributions are welcome! Please feel free to submit a Pull Request. Development Setup Clone the repository to your WordPress plugins directory Ensure you have a WordPress development environment running Activate the plugin and test your changes License This project is licensed under the GPL v3 or later. Author EncodeDotHost – Website: https://encode.host – GitHub: @EncodeDotHost Support For support, please visit the support forum: https://wordpress.org/support/plugin/edh-bad-bots/
Top keywords
- blocking27×2.43%
- admin16×1.44%
- txt14×1.26%
- dns13×1.17%
- htaccess13×1.17%
- robots13×1.17%
- robots txt13×1.17%
- blocked12×1.08%
- hostname12×1.08%
- ips11×0.99%
- wordpress11×0.99%
- bots10×0.90%
OWH Domain WHOIS RDAP
OWH Domain WHOIS RDAP is a powerful and modern WordPress plugin that enables domain availability checking using exclusively the RDAP (Registration Data Access Protocol), abandoning legacy WHOIS protocol. The plugin provides a complete domain verification experience with an intuitive interface, advanced Gutenberg blocks, and detailed WHOIS/RDAP information. Why Choose OWH Domain WHOIS RDAP? Modern RDAP Protocol: Uses only RDAP (JSON) for faster and more accurate queries Official TLD Validation: Validates domain extensions using IANA’s official list (data.iana.org/rdap/dns.json) Real-Time Validation: Real-time domain validation with TLD pre-verification Multiple TLD Support: Compatible with hundreds of official domain extensions How It Works Domain Input: Users enter domain name in the search form TLD Validation: Plugin validates the domain extension against IANA’s official list RDAP Query: If valid, performs RDAP query to appropriate server Result Display: Shows availability status with detailed information Perfect For Web Hosting Companies: Domain search functionality for hosting services Domain Registrars: Integration with domain registration systems Web Agencies: Client domain availability checking Developers: Modern RDAP implementation for domain services IT Professionals: Reliable domain information gathering Technical Highlights RDAP Protocol: Modern replacement for legacy WHOIS (port 43) JSON Responses: Structured, machine-readable domain data IANA Integration: Official TLD list synchronization Clean Architecture: PSR-4 compliant with dependency injection Configuration Initial Setup Navigate to OWH RDAP Settings Enable Domain Search option Set your Search Results Page (create a page with [owh-rdap-whois-results] shortcode) Set your WHOIS Details Page (create a page with [owh-rdap-whois-details] shortcode) Save settings Page Setup Search Page: Add the shortcode [owh-rdap-whois-search] to any page Results Page: Create a page with [owh-rdap-whois-results] shortcode Details Page: Create a page with [owh-rdap-whois-details] shortcode Gutenberg Block Setup Edit any page or post with Gutenberg editor Add a new block and search for “RDAP Domain Search Enhanced” Configure visual options: Colors (text, background, button) Typography (font size) Borders (radius, width, color) Layout (standard or inline) Custom CSS External Services This plugin connects to external services to obtain domain information and TLD validation data. These services are essential for providing accurate domain availability information and ensuring proper domain validation. IANA RDAP DNS Bootstrap Service What the service is: IANA RDAP DNS Bootstrap Service (https://data.iana.org/rdap/dns.json) – The official Internet Assigned Numbers Authority service for RDAP server discovery What it is used for: Primary source for obtaining the official list of TLD (Top Level Domains) and their corresponding RDAP servers What data is sent: No personal data is sent. The plugin downloads the public DNS bootstrap file containing TLD-to-RDAP-server mappings When data is sent: During TLD list updates (manual or automatic) and when validating domain extensions RDAP Servers (Various Domain Registries) What the service is: Various RDAP servers operated by domain registries and registrars worldwide (e.g., Verisign for .com/.net, PIR for .org, etc.) What it is used for: Querying domain registration information and availability status using the RDAP protocol What data is sent: Only the domain name being queried (e.g., “example.com”). No personal or sensitive information is transmitted When data is sent: When users perform domain availability searches through the plugin interface Important Notes: – Domain queries are cached locally to improve performance and reduce external service requests – No personal, private, or sensitive data is transmitted to these services – Only domain names and TLD information are sent for legitimate domain availability checking – All communications use secure HTTPS connections – The plugin respects rate limiting and best practices for RDAP queries – If external services are unavailable, the plugin uses cached TLD data and provides appropriate error messages Support For technical support, feature requests, or bug reports: Support Portal: Link Nacional Support GitHub: Report issues on our GitHub repository Transform your website into a professional domain checking service with OWH Domain WHOIS RDAP today!