Linux 软件免费装
Banner图

ddosNull Shield — DDoS & Bot Protection

开发者 ddosnull
更新时间 2026年7月13日 21:17
PHP版本: 7.4 及以上
WordPress版本: 7.0
版权: GPL-2.0+
版权网址: 版权信息

标签

security woocommerce firewall bot protection ddos protection

下载

1.1.27 1.1.28 1.1.25 1.1.26 1.1.29 1.1.30

详情介绍:

Stop bots and DDoS attacks before they reach your WordPress site — without touching your DNS, hiring a developer, or slowing down your pages. ddosNull Shield silently monitors your WordPress traffic in the background. Only visitors identified as malicious are intercepted. Real customers never notice it's there. Up and Running in Under 60 Seconds No server access, no terminal, no config files.
  1. Install the plugin from your WordPress admin
  2. Click Connect to ddosNull and sign in (or create a free account)
  3. Protection activates immediately
Why WordPress Stores Get Attacked Modern attackers don't try to flood your "pipe" anymore. They send requests that look exactly like real browsers — thousands of them — forcing your server to work 100x harder. Your pages slow down, customers abandon their carts, and your checkout stops processing. It's called a Layer 7 attack, and standard firewalls let them straight through. ddosNull's AI is specifically trained to spot these invisible patterns and stop them before they impact your store. What ddosNull Shield Protects You From DDoS & Bot Traffic The ddosNull cloud analyzes your traffic patterns continuously. Malicious IPs are pushed to your site automatically — blocked the moment they show up, with zero performance impact on normal page loads. All analysis runs on ddosNull's servers, not yours. Carding & Fake Order Bots (WooCommerce) — ddosNull Shield Pro Carding bots probe thousands of stolen credit cards on your checkout page in rapid card testing attacks, racking up chargeback fees and putting your payment gateway account at risk. Other bots flood your store with fake orders just to test stolen card numbers or scrape discount codes. ddosNull evaluates each checkout submission against multiple behavioral signals — and blocks bots before any order is ever created. Legitimate shoppers check out without any interruption. Checkout protection is available with ddosNull Shield Pro. Smart Challenges, Not Hard Blocks Not every suspicious request is an attack. Sometimes it's a real customer on a slow VPN. ddosNull uses a proof-of-work challenge (ALTCHA) that resolves silently in the background for most real visitors. Only confirmed bots are hard-blocked. Google reCAPTCHA v2 is also supported as an alternative. Zero Risk — Try It in Dry Run Mode Install ddosNull Shield and enable Dry Run Mode from your dashboard. Every request is scored, but 100% of traffic is allowed through. You'll see a detailed log of exactly which IPs would have been blocked — and why. When you're confident, activate protection with one click. Works Everywhere WordPress Works No DNS changes. No proxy. No re-routing your traffic through a third-party network. ddosNull Shield works directly inside WordPress at the PHP layer — compatible with any host, including WP Engine, Kinsta, SiteGround, shared cPanel and Plesk hosting, and Cloudflare. What Our Customers Say "DDoSNull saved us during our peak holiday sales season. We were hit by a massive Layer 7 attack and didn't even notice until we got the notification that it had been mitigated. It's set-and-forget protection. I sleep better at night." — Sarah J., CTO of an E-commerce Store "As a DevOps consultant, I recommend DDoSNull to all my clients running WordPress. The one-click setup is a dream, and it provides enterprise-grade protection without the enterprise-grade price tag or complexity. It just works." — Mike C., DevOps Consultant Features A free ddosNull account is required. Sign up and connect your site directly from the plugin settings page.

安装:

  1. Upload the ddosnull-shield folder to /wp-content/plugins/, or install it directly from the WordPress plugin directory.
  2. Activate the plugin through the Plugins menu in WordPress.
  3. Go to ddosNull Shield in the admin sidebar.
  4. Click Connect to ddosNull and sign in or create a free account.
  5. Protection activates immediately after connecting.

屏幕截图:

  • Settings panel with shield toggle, challenge type selector, and early loading option.
  • ALTCHA proof-of-work challenge page shown to suspicious visitors.

升级注意事项:

1.1.25 Fixes redirect dropping query-string parameters after challenge verification. Update recommended for sites with filtered or parameterised URLs. 1.1.23 WordPress.org submission prep: assets, pricing info, i18n for challenge pages, activation redirect. 1.1.22 Fixes early loading toggle not reflecting actual state after enabling. Update recommended. 1.1.21 Adds protected_urls support for forcing verification on specific pages. Update recommended. 1.1.20 Critical fix for sites using early loading. Update immediately. 1.1.19 Performance improvement for large block lists and fix for challenge-loop on backend outage. Update recommended. 1.1.18 Improved checkout fraud detection. Update recommended. 1.1.17 WordPress coding standards compliance update. Recommended for all users. 1.1.16 Fixes a cron scheduling issue on existing installs upgrading from 1.1.14 or earlier. Update recommended. 1.1.15 Maintenance release. No user-facing changes. 1.1.14 Hard block (403) support for blacklisted user agents. Update recommended. 1.1.13 Minor fix reverting a block ordering change. Update recommended.

常见问题:

Will this slow down my WordPress site?

No. The plugin intercepts requests before WordPress loads the full page, and all traffic analysis happens on ddosNull's servers — not yours. There is zero performance impact on normal page loads.

Do I need to change my DNS or use a proxy?

No DNS changes, no proxy, no re-routing your traffic. ddosNull Shield works directly inside WordPress. Your DNS, CDN, and existing Cloudflare setup stay exactly as they are.

What if I accidentally block a real customer?

Use Dry Run Mode first. You'll see a report of exactly who would have been blocked before any blocking occurs. ddosNull also uses smart challenges (not hard blocks) for suspicious-but-not-confirmed traffic, so edge cases like VPN users get a quick verification step instead of a flat rejection.

Does this work on shared hosting?

Yes. Because ddosNull Shield works at the PHP/WordPress layer, it runs on any host that supports WordPress plugins — including shared cPanel and Plesk hosting. No server-level access is required.

What happens if ddosNull goes down?

Your WordPress site keeps running normally. The plugin stores the last known block list locally and continues enforcing those rules if the ddosNull cloud is temporarily unreachable. Nothing breaks.

How does the carding and fake order protection work?

Checkout protection against carding, card testing, and fake orders is available with ddosNull Shield Pro, distributed from ddosnull.com. When active, it collects lightweight browser signals on the checkout page — things like screen dimensions, JavaScript environment, and session timing. Orders that arrive too fast, without a real browser, or from known automation tools are blocked before the order is created. Legitimate shoppers experience no friction.

What is the ALTCHA challenge?

ALTCHA is a privacy-friendly proof-of-work challenge that runs silently in the browser. Most real visitors pass it automatically without clicking anything. It requires no Google account and collects no personal data.

Can I use Google reCAPTCHA instead?

Yes. Switch the challenge type to reCAPTCHA v2 in the plugin settings and enter your site key and secret key from Google.

What is Early Loading?

When early loading is enabled, the plugin installs a small must-use plugin file so the intercept runs before regular plugins load — giving better performance under heavy traffic. The setting is opt-in and can be toggled on or off at any time from the plugin settings page.

Is there a free trial or money-back guarantee?

Yes. All paid plans include a 30-day money-back guarantee — no questions asked. You can also start on the Free plan (15,000 requests/month) before upgrading. There are no long-term contracts; you can cancel at any time and protection remains active through the end of your current billing period.

Is my customer data private?

Your traffic never passes through ddosNull's servers. The plugin only shares anonymized metadata — IP addresses, request counts, and access log lines — to power threat detection. ddosNull never sees your customers' personal data, payment information, or page content.

更新日志:

1.1.30 1.1.29 1.1.27 1.1.26 1.1.25 1.1.24 1.1.23 1.1.22 1.1.21 1.1.20 1.1.19 1.1.18 1.1.17 1.1.16 1.1.15 1.1.14 1.1.13 1.1.12 1.1.11 1.1.10 1.1.9 1.1.8 1.1.7 1.1.6 1.1.4 1.1.3 1.1.2 1.1.0