JTZL's Bot Maze -- WordPress 插件

开发者	jtzl
更新时间	2026年6月4日 22:24
PHP版本:	8.2 及以上
WordPress版本:	7.0
版权:	GPL-2.0-or-later
版权网址:	版权信息

JTZL's Bot Maze protects your WordPress site from unwanted AI crawlers and scrapers by planting invisible trap links that only bots will follow. When a bot enters the trap maze, it gets lost in an ever-expanding maze of realistic-looking fake pages while it quietly builds a suspicion score based on its behavior. How it works:

Trap link injection — Invisible links are added to your real pages. Legitimate visitors never see them, but bots following every link on the page will enter the trap maze.
Lazy maze generation — Trap pages link to more trap pages, generated on demand. The deeper a bot goes, the more time it wastes.
Bot scoring — Each trap page visit adds suspicion points. Deeper traversal earns bonus points. Once a threshold is reached, the visitor is flagged as a bot.
Blocking and tarpitting — Flagged bots can be blocked outright (403), served decoy pages (light tarpit), or slowed down with a deliberate delay (full tarpit).
Crawler verification — Known search engine crawlers (Googlebot, Bingbot, etc.) are verified via reverse DNS and exempted from scoring.

Features:

Zero impact on legitimate visitors — trap links are hidden from humans and search engines
Configurable injection method (content, footer, or both)
Adjustable scoring thresholds and blocking behavior
robots.txt integration to signal trap paths as disallowed
Analytics dashboard showing bot activity, top IPs, and score distribution
Blocked Bots detail page showing full user agent, score, visit history
Optional comprehensive tracking mode to monitor blocked bot persistence
Automatic log retention and maintenance via WP-Cron
Privacy policy suggestion for GDPR compliance
Geographic heat map of bot activity by country with two GeoIP provider options
MaxMind GeoLite2 local database — all lookups on your server, GDPR-friendly (recommended)
ip-api.com external API — simple setup, no license key required
Lightweight — minimal footprint, geographic tracking is fully optional

1.0.0-rc.6

Added MaxMind GeoLite2 as a GDPR-friendly local GeoIP provider option.
Added 3-way GeoIP provider selector: Disabled, MaxMind GeoLite2 (local), or ip-api.com (external).
MaxMind database auto-updates weekly via WP-Cron.
Added clear privacy warnings for each provider option in the settings UI.
Updated privacy policy text to describe both provider options.
Geographic map section now hidden entirely when geo tracking is disabled.
Migrates existing geo tracking setting to new provider architecture.
Added Vitest job to CI with coverage reporting.

1.0.0-rc.5

Added geographic heat map of bot activity by country using Leaflet.js choropleth.
Added GeoIP service for resolving visitor IP addresses to country codes.
Added AJAX endpoint for dynamic country data loading.
Added the "Full Tarpit Delay (ms)" setting.
UI improvements on the Analytics page.

1.0.0-rc.4

Added Blocked Bots detail page showing full user agent, score, visit count, and timestamps.
Added Recent Activity page with 7-day filter, pagination, and request type badges (Trap Visit, Blocked, Exempted).
All dashboard summary cards are now clickable links to their own detail pages.
Added comprehensive bot tracking mode (opt-in setting) to continue recording blocked bot visits on trap pages.
Added request type badges to distinguish trap visits, blocked bot visits, and exempted crawler visits.
Removed Recent Activity table from analytics dashboard (moved to dedicated page).

1.0.0-rc.3

Added privacy policy suggestion for GDPR compliance.

1.0.0-rc.2

Added the About Page.
Added the Trap Pages.
Improved the Analytics Page.

1.0.0-rc.1

Hardened settings with server-side upper bounds on all numeric options
Centralized option sanitization — single source of truth for bounds
Added length truncation for stored user-agent, referrer, and request URI values
Per-request slug cache in trap router eliminates duplicate DB queries
Extracted shared rightmost-IP logic into a reusable helper
Validated injection method and blocking behavior enums at read time
Added bot scoring options (points_per_visit, depth_bonus, block_threshold) to bounded sanitization
Routed maintenance cron through container config for consistent bounds enforcement
Full test coverage across all source files (100% lines, 100% methods)

1.0.0-alpha.4

Light tarpit as default blocking behavior
Clearer blocking settings descriptions

1.0.0-alpha.3

Bot blocking and tarpitting with configurable behavior
Robots.txt integration
Trusted proxy header support
Race condition guards for concurrent trap page generation

1.0.0-alpha.2

Full test suite and CI workflow
Frontend build tooling for admin assets
Bug fixes for bot score threshold and URL normalization

1.0.0-alpha.1

Initial release
Trap link injection into post content and footer
Lazy maze generation with configurable depth and branching
Bot scoring based on trap page visits and traversal depth
IP tracking with proxy-aware detection
Admin settings page
Analytics dashboard

JTZL's Bot Maze

标签

下载

详情介绍:

安装:

常见问题:

更新日志: