IPIntel AI Firewall
IPIntel AI Firewall (WAF) integrates AI-powered IP reputation analysis into WordPress to help site owners detect and mitigate automated abuse, scanners, and malicious traffic. Incoming requests are evaluated using external reputation signals and risk scoring. Based on the assessed risk level, traffic may be allowed, challenged for human verification, or blocked automatically. The plugin is designed to be easy to use and does not require custom code or infrastructure management. Project website: https://ipintel.ai Features AI-powered IP reputation and risk scoring Automatic allow, challenge, or block decisions Human verification challenge for suspicious traffic Compatible with aggressive caching environments (one-time manual configuration required) Optional visual security badge Simple configuration for non-technical users Free API key available with daily request limits Data Privacy This plugin connects to the IPIntel.ai API to analyze visitor IP addresses for security and threat detection purposes. Data transmitted to the external service: – Visitor IP address – API key (used solely for request authentication) No WordPress user account data, cookies, or User-Agent information are transmitted. The external service is used exclusively to determine whether a request should be allowed, challenged, or blocked. A free API key is available with a daily request limit. Get API key: https://ipintel.ai/dashboard Higher request limits require an upgrade. Terms of Service: https://ipintel.ai/terms Privacy Policy: https://ipintel.ai/privacy Page Cache Compatibility IPIntel AI Firewall relies on per-visitor verification. When full-page caching is enabled, the cache must vary by the verification cookie in order for challenges to work correctly. For LiteSpeed Cache: – Go to LiteSpeed Cache → Cache → Vary – Add the following cookie: ipintel_human_ok – Save changes and purge the cache This is a one-time configuration step. Without cache variation, it is technically impossible for any WordPress plugin to reliably challenge unverified visitors. Optional Footer Badge The plugin includes an optional footer badge that can be enabled from the settings page. When enabled, the badge displays a small visual indicator showing that the site is protected by IPIntel.ai. The badge does not collect data, perform tracking, or load external resources. The footer badge is disabled by default and can be turned on or off at any time.
Top keywords
- ipintel9×2.49%
- ai8×2.22%
- ipintel ai8×2.22%
- cache7×1.94%
- badge6×1.66%
- api5×1.39%
- request5×1.39%
- api key4×1.11%
- data4×1.11%
- external4×1.11%
- https4×1.11%
- https ipintel4×1.11%
JTZL's Bot Maze
JTZL’s Bot Maze protects your WordPress site from unwanted AI crawlers and scrapers by planting invisible trap links that only bots will follow. When a bot enters the trap maze, it gets lost in an ever-expanding maze of realistic-looking fake pages while it quietly builds a suspicion score based on its behavior. How it works: Trap link injection — Invisible links are added to your real pages. Legitimate visitors never see them, but bots following every link on the page will enter the trap maze. Lazy maze generation — Trap pages link to more trap pages, generated on demand. The deeper a bot goes, the more time it wastes. Bot scoring — Each trap page visit adds suspicion points. Deeper traversal earns bonus points. Once a threshold is reached, the visitor is flagged as a bot. Blocking and tarpitting — Flagged bots can be blocked outright (403), served decoy pages (light tarpit), or slowed down with a deliberate delay (full tarpit). Crawler verification — Known search engine crawlers (Googlebot, Bingbot, etc.) are verified via reverse DNS and exempted from scoring. Features: Zero impact on legitimate visitors — trap links are hidden from humans and search engines Configurable injection method (content, footer, or both) Adjustable scoring thresholds and blocking behavior robots.txt integration to signal trap paths as disallowed Analytics dashboard showing bot activity, top IPs, and score distribution Blocked Bots detail page showing full user agent, score, visit history Optional comprehensive tracking mode to monitor blocked bot persistence Automatic log retention and maintenance via WP-Cron Privacy policy suggestion for GDPR compliance Geographic heat map of bot activity by country with two GeoIP provider options MaxMind GeoLite2 local database — all lookups on your server, GDPR-friendly (recommended) ip-api.com external API — simple setup, no license key required Lightweight — minimal footprint, geographic tracking is fully optional Third-Party Services This plugin offers optional geographic tracking with two provider options. No data is sent to any external service unless a site administrator explicitly enables one of these providers. MaxMind GeoLite2 (Recommended) When MaxMind GeoLite2 is selected as the GeoIP provider (Settings > Bot Maze > Geographic Tracking), the plugin downloads the GeoLite2-Country database from MaxMind and performs all IP-to-country lookups locally. No visitor data leaves your server. What is downloaded: The GeoLite2-Country database (~60 MB), updated weekly via WP-Cron. What is sent to MaxMind: Only your license key during database downloads. No visitor IP addresses are shared. Requires: A free MaxMind license key from maxmind.com/en/geolite2/signup. Service website: https://www.maxmind.com License: GeoLite2 databases are licensed under CC BY-SA 4.0. Terms of service: https://www.maxmind.com/en/geolite2/eula ip-api.com When ip-api.com is selected as the GeoIP provider, the plugin sends visitor IP addresses to ip-api.com to resolve their country of origin. This data is used to display a geographic heat map of bot activity in the admin dashboard. What is sent: The visitor’s IP address only, over unencrypted HTTP. When it is sent: At the time a trap page visit is recorded, only while this provider is selected. Service website: http://ip-api.com Terms of service: https://ip-api.com/docs/legal Privacy policy: ip-api.com does not log queries from the free API endpoint. Note: The free tier only supports HTTP (not HTTPS). If your site must comply with GDPR, use the MaxMind local database option instead. Geographic tracking is off by default and requires explicit opt-in by a site administrator.