Linux 软件免费装

在这里免费安装WordPress以及其他软件

Anti Browser DDoS Protection

开发者
更新时间 2026年4月10日 09:55

标签

下载

2.25 2.26

详情介绍:

The Anti Browser DDoS Protection plugin provides robust protection against denial-of-service (DoS) attacks on your WordPress site. It implements IP-based rate limiting, with configurable settings for subscribers, non-logged-in users, and verified bots, while excluding administrators and other non-subscriber roles. It features advanced bot detection to identify and limit suspicious bots, immediate blocking of malicious bots by User Agent, and supports Cloudflare for accurate client IP detection. Static assets (e.g., CSS, JS, images) are excluded to maintain site performance. An intuitive admin panel allows you to configure rate limits, bot exclusions, trusted bot IP ranges (with automatic duplicate removal), blocked bots by User Agent, log expiration settings, and view logs for blocked IPs, banned IPs, and high traffic bots with auto-refresh every 30 seconds, all with User Agent details and timestamps. You can export Excluded Bots, Bot IP Ranges, and Blocked Bots lists to .txt files and import new entries to append to existing lists without duplicates. Daily bar charts for Blocked IPs, Banned IPs, and High Traffic Bots are displayed above the logs for quick visual insights. Key Features: Ideal for WordPress sites seeking enhanced security against automated attacks, with seamless integration for Cloudflare users, advanced bot management, efficient log management, visual charts for statistics, and easy export/import for bot lists.

安装:

  1. Upload the anti-ddos-protection folder to the /wp-content/plugins/ directory, or install the plugin directly through the WordPress plugins screen.
  2. Activate the plugin through the 'Plugins' screen in WordPress.
  3. Disable any WordPress caching plugins (e.g., WP Super Cache, W3 Total Cache) to ensure the Anti Browser DDoS Protection functions correctly, as caching plugins may bypass DDoS protection checks.
  4. Enable Browser Caching using a service like Cloudflare and set DNS Records Proxy Status to Proxied.
  5. Go Caching > Configuration : and set Standard type Caching and Configure Cloudflare Browser Cache TTL. (e.g., 8 days)
  6. Set DNS Records Proxy Status to Proxied For More DDoS Security.
  7. Navigate to Settings > Anti DDoS to configure the plugin settings:
  8. Set the Maximum Requests (Regular Users) (e.g., 10 requests).
  9. Set the Time Window in seconds (e.g., 60 seconds).
  10. Set the Maximum Requests (Excluded Bots) (e.g., 100 requests per minute).
  11. Set the Log Expires (Days) (e.g., 5 days) for automatic cleanup of logs.
  12. Add Excluded Bots (User Agents, one per line, e.g., Googlebot, Bingbot). Export to .txt or import from .txt to append new entries (duplicates are removed).
  13. Add Bot IP Ranges (trusted IP ranges in CIDR format, one per line, e.g., 66.249.64.0/19). Export to .txt or import from .txt to append new entries (duplicates are removed). Update every 6 months (next update: March 2026).
  14. Add Blocked Bots (User Agents) (e.g., MJ12bot, SemrushBot, DotBot) to block malicious bots immediately. Export to .txt or import from .txt to append new entries (duplicates are removed).
  15. Set Blocks Before Ban (e.g., 30 blocks) and Ban Duration (e.g., 24 hours).
  16. Test the rate limiting by sending multiple requests (e.g., refreshing a page rapidly) using a subscriber account or non-logged-in IP to ensure blocking works.
  17. Test suspicious bot detection by sending requests with a bot User Agent (e.g., Googlebot) from an unverified IP.
  18. Test blocked bot detection by sending requests with a blocked User Agent (e.g., MJ12bot) to verify immediate blocking and logging.
  19. Test high traffic bot logging by sending over 100 requests per minute from a verified bot IP (e.g., Googlebot from a trusted IP range).
  20. Test export functionality by clicking "Export to TXT" for Excluded Bots, Bot IP Ranges, and Blocked Bots to download .txt files.
  21. Test import functionality by uploading .txt files for Excluded Bots, Bot IP Ranges, and Blocked Bots to append new entries without duplicates.
  22. Test log expiration by setting Log Expires (Days) to a low value (e.g., 1 day), generating log entries, and checking if they are automatically removed after the specified time.
  23. Check the Blocked IPs Log, Banned IPs Log, and High Traffic Excluded Bots Log sections in the admin panel to view logs (including User Agent) with auto-refresh every 30 seconds and clear them if needed. Daily charts are displayed above the Blocked IPs Log for visual statistics.
  24. Ensure the WordPress timezone (Settings > General > Timezone) is set correctly (e.g., Europe/Athens for Greece) for accurate timestamp display.

屏幕截图:

  • Charts
  • Logs

升级注意事项:

2.26 This version makes the structure of the application has been corrected. 2.24 / 2.25 This version added Icons and Screenshots to wordpress plugin repository. 2.23 This version fixed a bug that not auto-delete the expired logs. 2.22 This version fixed a bug that returned a critical site error to bots like facebookexternalhit. 2.21 This version adds a plugin logo for better branding and fixes an admin notice that appeared on every admin panel refresh. It also includes export and import functionality for Excluded Bots, Bot IP Ranges, and Blocked Bots lists, allowing you to back up lists to .txt files or append new entries from .txt files with automatic duplicate removal. Update to improve branding, resolve the admin notice issue, and manage bot lists more efficiently. 2.20 This version adds daily bar charts for Blocked IPs, Banned IPs, and High Traffic Excluded Bots in the admin panel, along with a Log Expires (Days) setting for automatic cleanup of logs after a configurable number of days (default: 5 days), with hourly cleanup via WordPress Scheduler. Update to gain visual insights and manage log retention efficiently. 2.19 This version adds auto-refresh of Blocked IPs, Banned IPs, and High Traffic Excluded Bots logs every 30 seconds in the admin panel. Update to enable dynamic log updates without manual page refresh. 2.18 This version adds a Blocked Bots (User Agents) setting to block malicious bots immediately, logs them to the Blocked IPs Log, and prefixes all error messages and logs with "Anti Browser DDoS Protection: ". Update to enhance bot blocking and improve message consistency. 2.17 This version adds User Agent logging to Blocked IPs and Banned IPs logs for improved tracking and a Donate link above the settings in the admin panel to support the project. Update to enhance monitoring capabilities. 2.16 This version fixes timezone handling to use the WordPress timezone setting for accurate timestamp display and removes "Greece time" references from logs. Update to ensure timestamps reflect your site's configured timezone. 2.15 This version adds configurable rate limiting for verified excluded bots, logs high traffic bots with IP, User Agent, and timestamp, and fixes timezone issues for accurate Greece time (Europe/Athens). Update to monitor high traffic bot activity and ensure correct timestamps. 2.14 This version adds automatic removal of duplicate IP ranges in the Bot IP Ranges field, simplifying IP range management. Update to ensure duplicate ranges are automatically handled on save. 2.13 This version adds a Bot IP Ranges field in the admin panel for easy management of trusted bot IPs. Update to simplify bot IP range updates every 6 months. 2.12 This version applies standard rate limiting to suspicious bots. Update to ensure consistent rate limiting behavior. 2.11 This version adds comprehensive bot IP ranges and suspicious bot detection. Update to enhance bot verification. 2.10 This version excludes non-subscriber logged-in users from rate limiting. Update to ensure only subscribers and non-logged-in users are rate-limited. 2.9 This version adds IP banning and Banned IPs Log. Update to enhance security with automatic bans. 2.6 This version adds Cloudflare real IP detection. Update to ensure accurate IP logging and rate limiting when using Cloudflare. 2.5 This version adds blocked IP logging and a clear option in the admin panel. Update to monitor blocked requests effectively.

其他记录:

常见问题:

Does this plugin work with Cloudflare?

Yes, the plugin supports Cloudflare by using the CF-Connecting-IP header to detect the real client IP, ensuring accurate rate limiting and logging.

Can I exclude specific bots from rate limiting?

Yes, you can add User Agents (e.g., Googlebot, Bingbot) in the Excluded Bots field in the admin panel. Bots from trusted IP ranges (configured in Bot IP Ranges) are exempt from regular rate limiting but are subject to a separate limit (default: 100 requests per minute). You can export the list to .txt or import from .txt to append new entries.

Can I block specific bots immediately?

Yes, you can add User Agents (e.g., MJ12bot, SemrushBot, DotBot) in the Blocked Bots (User Agents) field in the admin panel. These bots are blocked immediately, logged in the Blocked IPs Log with their User Agent, and receive an "Anti Browser DDoS Protection: Blocked Bot Access Denied" message. You can export the list to .txt or import from .txt to append new entries.

How are suspicious bots handled?

Bots with trusted User Agents (e.g., Googlebot) but from unverified IPs are flagged as suspicious, logged in the Blocked IPs Log with their User Agent, and subjected to the same rate limiting as regular users (e.g., 10 requests per 60 seconds).

How are high traffic excluded bots handled?

Verified excluded bots (from trusted IP ranges) exceeding the configured limit (default: 100 requests per minute) are logged in the High Traffic Excluded Bots Log with their IP, User Agent, and timestamp. They are not blocked but monitored for high activity.

Can I manage trusted bot IP ranges?

Yes, you can configure trusted bot IP ranges in the Bot IP Ranges field in the admin panel (Settings > Anti DDoS). Enter ranges in CIDR format (e.g., 66.249.64.0/19), one per line. Duplicate ranges are automatically removed on save. You can export the list to .txt or import from .txt to append new entries. Update every 6 months.

Are static assets like CSS and JS rate-limited?

No, the plugin excludes common static assets (e.g., .css, .js, .jpg, .png) to prevent performance issues.

Are logged-in users rate-limited?

Only users with the subscriber role are rate-limited. Administrators, editors, and other non-subscriber roles are exempt.

How do I view blocked, banned, or high traffic bot IPs?

Go to Settings > Anti DDoS to see the Blocked IPs Log, Banned IPs Log, and High Traffic Excluded Bots Log tables, which list IPs, User Agents, timestamps, and ban expiration times with auto-refresh every 30 seconds. Daily bar charts are displayed above the Blocked IPs Log for visual insights. You can clear the logs using the provided buttons.

How does log expiration work?

The Log Expires (Days) setting (default: 5 days) automatically deletes Blocked IPs, Banned IPs, and High Traffic Bots logs older than the specified number of days. Cleanup runs hourly via the WordPress Scheduler.

Can I export or import bot lists?

Yes, you can export Excluded Bots, Bot IP Ranges, and Blocked Bots lists to .txt files via links in the admin panel. You can also import .txt files to append new entries to these lists, with duplicates automatically removed on save.

What happens when I deactivate the plugin?

The plugin automatically deletes its transients, blocked IP logs, banned IP logs, high traffic bot logs, blocked bots, bot IP ranges, and log expiration settings from the database to prevent bloat.

更新日志:

2.26 2.24 / 2.25 2.23 2.22 2.21 2.20 2.19 2.18 2.17 2.16 2.15 2.14 2.13 2.12 2.11 2.10 2.9 2.6 2.5 2.4 2.3 2.0 1.0