
Bot Lockout

by kognetiks on WordPress.org

A lightweight WordPress plugin that protects your site from AI scrapers and bad bots using cryptographic JavaScript challenges.

General Settings

Bot Lockout is a security plugin that implements a lightweight cryptographic challenge system to distinguish real browsers from automated bots. Unlike traditional CAPTCHA systems, which ask the visitor to solve a puzzle, it relies on JavaScript-based cryptographic operations that a normal browser completes transparently for the visitor and that scrapers which do not execute JavaScript cannot answer.

Key Features

  • Lightweight Protection: Uses minimal resources and doesn’t impact site performance
  • Cryptographic Challenges: SHA-256 hashing with date and user agent binding
  • Smart Whitelisting: Allow trusted bots (Google, Bing, etc.) and IP addresses
  • Flexible Configuration: Exclude specific pages and customize block messages
  • Comprehensive Logging: Track blocked attempts for analysis
  • Custom Styling: Add custom CSS to match your site’s design
  • Daily Token Expiration: Prevents long-term bypass attempts

How It Works

  1. Initial Request: When a visitor accesses your site, the plugin checks for a valid challenge token
  2. JavaScript Challenge: If no token exists, a cryptographic challenge is presented
  3. Token Generation: The challenge combines the current date with the user agent string and creates a SHA-256 hash
  4. Secure Storage: The hash is base64 encoded, truncated, and stored as a secure cookie
  5. Validation: Subsequent requests are validated against the stored token

Security Features

  • Cryptographically Secure: Tokens are derived with the SHA-256 hash function
  • Time-Bound: The current date is part of the hash input, so a token stops validating the next day and cannot be reused long-term
  • Browser-Specific: The User-Agent string is part of the hash input, so a token does not validate for a client that presents a different User-Agent
  • Secure Cookies: Implements proper cookie security settings
  • Whitelist Support: Allow trusted services and IP addresses

Multi-Site Support

Bot Lockout supports WordPress Multi-Site installations with both network-wide and site-specific configurations:

  • Network Activation: Apply settings to all sites in the network
  • Site-Specific Activation: Independent settings for each site
  • Mixed Configuration: Network-wide defaults with site-specific overrides

Security Advisory

Bot Lockout is one layer in a broader security strategy, not a silver bullet.

While Bot Lockout is designed to deter automated bots and AI scrapers through cryptographic JavaScript challenges, no single solution can offer complete protection. Web scraping technologies continue to evolve, and determined actors may find ways to bypass front-end defenses.

This plugin should be used as part of a multi-layered approach to website security. For best results, we recommend combining Bot Lockout with additional tools such as server-level firewalls, rate limiting, CAPTCHA systems, behavior-based threat detection, and CDN-level bot mitigation.

Kognetiks makes no guarantee that this plugin will block all unwanted bot traffic. It is intended as a proactive, lightweight defense mechanism—not a comprehensive security system. Users are responsible for evaluating their own threat model and deploying appropriate complementary protections.

Support

For support, please visit the WordPress.org support forums or check the plugin documentation.

Credits

Developer: Kognetiks

This plugin is licensed under the GPL v3 or later.

Active installations: 0+
Weekly downloads: 33
Version: 1.0.0
Last updated: 7/29/2025
WordPress version
Tested up to: 6.8.2
Tags: anti-scraping, bot protection, captcha, javascript challenge, security