BotFend Anti-Bot Firewall

Description

BotFend Anti-Bot Firewall is a professional-grade WordPress security suite designed to stop automated attacks, malicious bots, and brute-force attempts before they consume your server resources. Built with a high-performance V4 architecture, it features a smart aggregation engine and an early-loading Web Application Firewall (WAF) that neutralizes threats at the server level.

Developed by Omajemite Don, BotFend protects your site without slowing it down.

Core Features:

• Advanced Web Application Firewall (WAF): Uses auto_prepend_file via .htaccess or .user.ini to block attacks before WordPress even loads.
• Intelligent Bot Detection: Identifies and blocks malicious bots, crawlers, and scrapers using advanced signature detection.
• Behavioral Analysis: Monitors visitor behavior patterns to detect and block automated threats that mimic human activity.
• Browser Fingerprinting: Generates unique browser fingerprints to track and identify persistent attackers across sessions and IP changes.
• Advanced 404 Detection: Detects and blocks malicious path scanning, vulnerability probing, and excessive 404 abuse patterns.
• WordPress Protection: Comprehensive protection against XML-RPC attacks, REST API abuse, author scanning, and WordPress-specific vulnerabilities.
• Signature Detection: Real-time pattern matching against known attack signatures and malicious payloads.
• Smart Log Aggregation: High-performance database architecture that centralizes logging to prevent database bloat and memory crashes, even under heavy attack.
• Perpetual Offender Tracking: Automatically upgrades temporary bans to permanent blocks for IPs that repeatedly attack your site.
• Real-Time Threat Intelligence: Integrates with external databases to verify IP reputations on the fly.
• Tor Node Blocking: Automatically detects and blocks malicious traffic originating from the Tor anonymity network.
• Comprehensive UI: Clean, intuitive WordPress admin interface with bulk actions, detailed threat analysis timelines, and visual statistics.

Pro Features (Available with License):

• Full Firewall Auto Prepend: Execute firewall protection at the earliest possible stage of WordPress execution
• Cloudflare Integration: Synchronize blocked IPs to Cloudflare firewall rules at the edge, blocking attacks before they reach your server

External Services

IMPORTANT: All external services are DISABLED BY DEFAULT. You must explicitly enable each service in the plugin settings before any data is sent.

This plugin can connect to the following external services to provide enhanced threat protection. No data is sent unless you explicitly enable these features.

1. AbuseIPDB API

• Purpose: Checks the reputation of suspicious IP addresses against a global database of reported abusers
• Data sent: The IP address of the visitor being checked
• When: When AbuseIPDB integration is enabled AND an IP address needs verification (cached for 24 hours)
• How to disable: Set “Enable AbuseIPDB” to OFF in plugin settings (default: OFF)
• Terms of Service: https://www.abuseipdb.com/legal
• Privacy Policy: https://www.abuseipdb.com/privacy

2. IPHub API

• Purpose: Detects VPNs, proxies, and non-residential IP addresses
• Data sent: The IP address of the visitor being checked
• When: When IPHub integration is enabled (default: OFF)
• How to disable: Set “Enable IPHub” to OFF in plugin settings (default: OFF)
• Terms of Service: https://iphub.info/legal/terms
• Privacy Policy: https://iphub.info/legal/privacy

3. IP Geolocation Services

• Purpose: Determine the country of origin for IP addresses to apply geographic blocking rules
• Data sent: The IP address of the visitor being geolocated
• When: When geolocation is enabled (default: OFF) AND an IP needs geolocation (results cached)
• How to disable: Set “Enable IP Geolocation” to OFF in plugin settings (default: OFF)
• Services used:

ip-api.com

• Purpose: Primary geolocation service
• Terms: https://ip-api.com/terms
• Privacy: https://ip-api.com/privacy

ipapi.co

• Purpose: Fallback geolocation service
• Terms: https://ipapi.co/terms/
• Privacy: https://ipapi.co/privacy/

ipwhois.io

• Purpose: Secondary fallback geolocation service
• Terms: https://ipwhois.io/terms
• Privacy: https://ipwhois.io/privacy

4. Tor Project Exit List

• Purpose: Downloads the official list of active Tor exit nodes to block anonymous attacks
• Data sent: None (only downloads a public list)
• When: Every 6 hours when Tor blocking is enabled (default: OFF)
• How to disable: Set “Enable Tor Blocking” to OFF in plugin settings (default: OFF)
• Service URL: https://check.torproject.org/torbulkexitlist
• Terms of Use: https://www.torproject.org/about/trademark/
• Privacy Policy: https://www.torproject.org/about/privacy_policy/

5. dan.me.uk Tor List (Alternative Source)

• Purpose: Alternative source for Tor exit node list when primary source is unavailable
• Data sent: None (only downloads a public list)
• When: Only used as fallback when primary Tor list fails and Tor blocking is enabled
• How to disable: Disable Tor blocking in plugin settings (default: OFF)
• Service URL: https://www.dan.me.uk/torlist/
• Terms/Privacy: This is a public service with no formal terms or privacy policy. Use is governed by standard HTTP protocol.

6. Threat Intelligence Feeds

• Purpose: Download curated lists of known malicious IP addresses
• Data sent: None (only downloads public blocklists)
• When: When threat intelligence is enabled (default: OFF) and feeds need refreshing
• How to disable: Set “Enable Threat Intelligence” to OFF in plugin settings (default: OFF)
• Feeds used:
  • FireHOL: https://firehol.org/ (Public domain blocklists)
  • Blocklist.de: https://www.blocklist.de/ (Terms: https://www.blocklist.de/en/terms.html)
  • Emerging Threats (Proofpoint): Real-time threat intelligence feeds
  • Terms: https://www.proofpoint.com/us/legal/license
  • Privacy: https://www.proofpoint.com/us/legal/privacy-policy

7. Google reCAPTCHA

• Purpose: Provides bot verification on login, registration, and comment forms
• Data sent: Browser interaction data sent to Google’s servers
• When: When reCAPTCHA is enabled AND a user interacts with a protected form
• How to disable: Set reCAPTCHA site key and secret key to empty in plugin settings
• Terms of Service: https://policies.google.com/terms
• Privacy Policy: https://policies.google.com/privacy

8. Cloudflare API Integration (PRO VERSION)

• Purpose: Synchronize blocked IPs to Cloudflare firewall rules at the edge, blocking attacks before they reach your server
• Data sent: IP addresses, threat scores, authentication credentials, and configuration parameters during API calls
• When: During manual sync operations, scheduled automatic syncs, and license validation
• How to disable: Available only in Pro version with valid license
• Terms of Service: https://www.cloudflare.com/terms/
• Privacy Policy: https://www.cloudflare.com/privacypolicy/

Data Handling Summary

• No data is sent to any external service unless you explicitly enable that feature
• All API results are cached to minimize external requests
• Regular visitor IPs are never sent – only suspicious or attacking IPs trigger external lookups
• You can disable ALL external services in the plugin settings
• Plugin works perfectly with all external services disabled

Privacy

This plugin respects user privacy:
– No tracking of regular site visitors
– No analytics or usage data collected
– All external services are opt-in (disabled by default)
– Full transparency: All external service calls are documented above