I would like to introduce you to my project, BotBlocker Security. It is a WordPress plugin that I am developing as a developer who is tired of endless bots, brute-force attacks, and “left-wing” scanners.
Why did I start writing it in the first place? I’ve been working with WordPress sites for 10 years (client projects, commerce, custom development). Almost every project has the same story:
- hundreds of attempts to log into the admin panel
- constant requests to xmlrpc.php
- fake search engines
- vulnerability scanning
- load from junk traffic
And almost always, protection is enabled after WordPress has already loaded. I wanted to filter traffic as early as possible, before the site starts consuming resources. That’s how BotBlocker Security came about.
It is a WAF and anti-bot layer for WordPress that works as early as possible (including MU) and blocks:
- automated bots
- brute force
- botnets
- suspicious scanners
- fake search robots
The idea is simple: the earlier a junk request is blocked, the less load and the calmer the server.
What’s inside:
- early firewall
- IP verification
- User-Agent and header analysis
- custom captcha
- admin panel protection
- detailed logs and monitoring
I focus specifically on filtering automated traffic, rather than just being “another security plugin.”
There are powerful solutions like Wordfence and Sucuri – they are excellent, but:
- they are often overloaded with features
- they can be heavy
BotBlocker is more narrowly focused: anti-bot and early filtering are its main focus.
Feedback is important to me because BotBlocker is a young product.
I’m curious:
What types of attacks annoy you the most?
Do you use separate anti-bot solutions?
What annoys you about current security plugins?
What is more important to you – maximum protection or minimum load?
The project is evolving, and I am open to ideas. I am happy to answer any questions.
Thank you for reading 🙌