Plugin0 - Build Features & Discover WordPress Plugins with AIBeta
Home Plugins anti browser ddos protection
Anti Browser DDoS Protection logo

Anti Browser DDoS Protection

by sourcecode347 on WordPress.org

Protects WordPress from DDoS with rate limiting, bot detection, blocking, Cloudflare support, logs, charts, and bot list export/import.

(1)
Rate limiting Settings

Rate limiting Settings

The Anti Browser DDoS Protection plugin provides robust protection against denial-of-service (DoS) attacks on your WordPress site. It implements IP-based rate limiting, with configurable settings for subscribers, non-logged-in users, and verified bots, while excluding administrators and other non-subscriber roles. It features advanced bot detection to identify and limit suspicious bots, immediate blocking of malicious bots by User Agent, and supports Cloudflare for accurate client IP detection. Static assets (e.g., CSS, JS, images) are excluded to maintain site performance. An intuitive admin panel allows you to configure rate limits, bot exclusions, trusted bot IP ranges (with automatic duplicate removal), blocked bots by User Agent, log expiration settings, and view logs for blocked IPs, banned IPs, and high traffic bots with auto-refresh every 30 seconds, all with User Agent details and timestamps. You can export Excluded Bots, Bot IP Ranges, and Blocked Bots lists to .txt files and import new entries to append to existing lists without duplicates. Daily bar charts for Blocked IPs, Banned IPs, and High Traffic Bots are displayed above the logs for quick visual insights.

Key Features:

  • Rate limiting based on IP for subscribers and non-logged-in users, with configurable maximum requests and time window.
  • Excludes non-subscriber logged-in users (e.g., administrators, editors) from rate limiting.
  • Advanced bot detection to identify suspicious bots (bots using trusted User Agents but from unverified IPs).
  • Suspicious bots are subject to the same rate limiting as regular users and logged with User Agent in the Blocked IPs Log.
  • Immediate blocking of malicious bots by User Agent (e.g., MJ12bot, SemrushBot, DotBot by default) with customizable settings and logging.
  • Configurable rate limiting for verified excluded bots (default: 100 requests per minute), with logging for bots exceeding this limit.
  • High Traffic Excluded Bots Log to track verified bots with excessive requests, including IP, User Agent, and timestamp.
  • Admin panel to configure maximum requests, time window, excluded bots, trusted bot IP ranges, blocked bots (User Agents), blocks before ban, ban duration, high traffic bot limits, and log expiration (days).
  • Export Excluded Bots, Bot IP Ranges, and Blocked Bots lists to .txt files for backup or transfer.
  • Import .txt files for Excluded Bots, Bot IP Ranges, and Blocked Bots to append new entries to existing lists, with automatic duplicate removal.
  • Automatic removal of duplicate IP ranges in the Bot IP Ranges field on save, keeping the first occurrence.
  • Support for Cloudflare real IP detection using CF-Connecting-IP and X-Forwarded-For headers.
  • Excludes static assets (CSS, JS, images, fonts, etc.) from rate limiting to optimize performance.
  • Logs blocked IPs, banned IPs, and high traffic bots with IP, User Agent, and timestamps using the WordPress timezone, viewable in the admin panel with options to clear logs and auto-refresh every 30 seconds.
  • Daily bar charts for Blocked IPs, Banned IPs, and High Traffic Bots displayed above the logs in the admin panel for visual statistics.
  • Automatic log expiration (Blocked IPs, Banned IPs, High Traffic Bots) after a configurable number of days (default: 5 days), with hourly cleanup via WordPress Scheduler.
  • All error messages and logs prefixed with “Anti Browser DDoS Protection: ” for clarity.
  • Donate link in the admin panel to support the project.
  • Automatic cleanup of transients, blocked IPs, banned IPs, high traffic bots, blocked bots, bot IP ranges, and log expiration settings on plugin deactivation to prevent database bloat.

Ideal for WordPress sites seeking enhanced security against automated attacks, with seamless integration for Cloudflare users, advanced bot management, efficient log management, visual charts for statistics, and easy export/import for bot lists.

Plugin Assets img/

Icon Image

Normal: icon-128×128.png
High-DPI (Retina): icon-256×256.png

Bugs

Caching plugins such as WP Super Cache, W3 Total Cache, and others may bypass the DDoS protection provided by Anti Browser DDoS Protection, serving cached pages without triggering the plugin’s checks for blocked bots, rate limiting, or banned IPs.
Solution: Disable all WordPress caching plugins to ensure full DDoS protection. Instead, enable Browser Caching using a service like Cloudflare to improve performance without compromising security.
Enable standard type Caching and Configure Cloudflare Browser Cache TTL (e.g., 8 days) via Caching > Configuration in the Cloudflare dashboard.- Cloudflare Compatibility: Ensure Cloudflare is configured to pass CF-Connecting-IP headers for accurate IP detection. Check your Cloudflare dashboard if logged IPs are incorrect.
Bot IP Ranges: Update the Bot IP Ranges field every 6 months (next update: March 2026) using official sources (e.g., Google, Bing, Yandex documentation). Duplicate ranges are automatically removed on save. Export to .txt for backup or import from .txt to append new ranges.
Blocked Bots: Add malicious bots to the Blocked Bots (User Agents) field (e.g., MJ12bot, SemrushBot, DotBot) to block them immediately. Blocked bots are logged with their IP and User Agent. Export to .txt for backup or import from .txt to append new entries.
Excluded Bots: Add trusted bots (e.g., Googlebot, Bingbot) to the Excluded Bots field to exempt them from regular rate limiting (if from verified IPs). Export to .txt for backup or import from .txt to append new entries.
High Traffic Bots: Verified bots exceeding the configured limit (default: 100 requests per minute) are logged for monitoring but not blocked. Check the High Traffic Excluded Bots Log regularly.
Log Expiration: Set the Log Expires (Days) setting to control how long logs are retained (default: 5 days). Cleanup runs hourly via WordPress Scheduler. Logs older than the specified days are automatically deleted.
Timezone: Set the WordPress timezone correctly (e.g., Europe/Athens for Greece) in Settings > General > Timezone to ensure accurate timestamp display in logs and charts.
Performance: For high-traffic sites, clear the Blocked IPs Log, Banned IPs Log, and High Traffic Excluded Bots Log regularly, or set a lower Log Expires (Days) value to prevent database growth.
Customization: Contact the author for additional features like custom error pages, email notifications for high traffic bots, or advanced logging.
Support the Project: If you find this plugin useful, consider supporting its development via the donation link in the admin panel or plugin page.

Active installations0+
Weekly downloads
36
Version2.26
Last updated9/19/2025
WordPress version5.0
Tested up to6.8.2
PHP version8.3
Tags
bot blockingDDOS ProtectionIP-blockingrate limitingsecurity

Related Plugins

Khushal Login Path Guard logo

Khushal Login Path Guard

Change your WordPress login URL and protect your site from brute-force attacks. Blocks default login paths with 404 errors.

0+
RestArmor Security logo

RestArmor Security

Advanced security suite. Blocks REST API, disables XML-RPC, prevents user enumeration, and secures endpoints.

0+
Digages Website Monitor logo

Digages Website Monitor

Digages Website Monitor tracks visitor activity, login attempts, and theme/plugin installs and updates to keep your WordPress site secure.

0+