Monitor-tier purification release: the WordPress.org build is now strictly observability-focused. Adds WordPress Privacy API integration, per-install IP salt, and migration-after-upgrade safety. Active defense features (block, tarpit, decoy, shadowban, auto-block, custom paths, per-IP rules, REST data API, backup\/restore) have been moved out of this build and are available in the paid Protect+ tiers at crawlantix.com.<\/p>","2.0.4":"
Safety fix: Plugin deletion no longer erases collected data by default. Enable "Delete Data on Uninstall" in Settings only if you want a clean removal. Recommended update.<\/p>","2.0.3":"
Security and performance hardening. Recommended update.<\/p>","1.0.5":"
Major feature release: bytes tracking, bot categorization, honeypot, reverse DNS verification. Database migration runs automatically.<\/p>","1.0.0":"
Initial release.<\/p>"},"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["2.0.5"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[2353,232,2359,600,186],"plugin_category":[36,54,55],"plugin_contributors":[264370],"plugin_business_model":[],"class_list":["post-306072","plugin","type-plugin","status-publish","hentry","plugin_tags-ai","plugin_tags-analytics","plugin_tags-bot","plugin_tags-security","plugin_tags-seo","plugin_category-analytics","plugin_category-security-and-spam-protection","plugin_category-seo-and-marketing","plugin_contributors-crawlantix","plugin_committers-crawlantix"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/crawlantix-ai-bot-tracker.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"\n
Crawlantix AI Bot Tracker monitors visits from 30+ AI crawlers and gives you visibility into how bots interact with your site. See which bots visit, what pages they crawl, and catch misbehaving bots with a built-in logging-only honeypot. Lightweight, privacy-first, and fully functional out of the box.<\/p>\n\n
Free forever \u2014 no artificial limits on bot detection.<\/strong><\/p>\n\n Tracked Bots (30+):<\/strong><\/p>\n\n Features:<\/strong><\/p>\n\n Hooks into WordPress Clean dashboard with trend chart and provider breakdown pie chart (Chart.js, bundled locally). Summary cards show total visits, unique bots, pages crawled, and daily averages. No external dependencies.<\/p>\n\n Dedicated tab showing all detected bots with visits, bytes transferred, 24h sparklines, verification status, and honeypot hit counts.<\/p>\n\n See which pages bots visit most, which bots crawl them, and when they were last seen.<\/p>\n\n A CSS-hidden, aria-hidden, rel=nofollow link is injected in the footer. Only raw link-extracting bots will follow it. Visits are logged for transparency. Active defense (blocking, tarpit, rate-limit, decoy, shadowban) is reserved for the paid build.<\/p>\n\n Reverse DNS (FCrDNS) verification for major bots \u2014 confirms Googlebot, GPTBot, ClaudeBot, etc. are actually who they claim to be.<\/p>\n\n IP addresses are SHA-256 hashed with a per-install salt before storage. Raw IPs are never saved. Includes WordPress Privacy API exporter and eraser hooks so data-subject access and erasure requests can flow through the standard WordPress Tools \u2192 Personal Data workflow.<\/p>\n\n Serves Bot visit data is retained for 30 days. Older records are automatically pruned via WP-Cron.<\/p>\n\n This plugin connects to the following external services:<\/p>\n\n The bot verification feature performs reverse DNS (FCrDNS) lookups using PHP's No other external services, third-party APIs, or remote requests are used by this plugin. All analytics data is stored locally in your WordPress database. Chart.js is bundled locally \u2014 no CDN requests are made.<\/p>\n\n Crawlantix AI Bot Tracker is designed with privacy as a core principle:<\/p>\n\n For sites that require a formal privacy policy disclosure, you may note: \"We use the Crawlantix AI Bot Tracker plugin to monitor automated AI bot traffic to our site. This plugin records bot User-Agent strings, pseudonymous IP hashes, pages visited, referrer URLs, and timestamps for detected bot traffic only. Raw IP addresses are cryptographically hashed before storage. No human visitor data is collected.\"<\/p>\n\n\n
Lightweight Bot Detection (30+ Bots)<\/h4>\n\n
init<\/code> with a priority-1 action. Bails immediately on non-AI User-Agents \u2014 zero performance cost for human visitors. All 30+ bots tracked.<\/p>\n\nDashboard with Charts<\/h4>\n\n
Bot Activity Table<\/h4>\n\n
Crawled Pages<\/h4>\n\n
Honeypot Endpoint (Logging Only)<\/h4>\n\n
Bot Verification<\/h4>\n\n
Privacy First<\/h4>\n\n
AI Discovery Layer<\/h4>\n\n
ai-plugin.json<\/code> (a discovery manifest that tells visiting AI agents the site is monitored) and llms.txt<\/code> \/ llms-full.txt<\/code> (text content authored by the admin via WordPress pages with slugs llms-txt<\/code> and llms-full-txt<\/code>) at the site root.<\/p>\n\nData Retention<\/h4>\n\n
External Services<\/h3>\n\n
Reverse DNS Lookups<\/h4>\n\n
gethostbyaddr()<\/code> and gethostbyname()<\/code> functions to verify that bots are who they claim to be (e.g., confirming a request claiming to be Googlebot actually originates from Google's network). These lookups send the bot's IP address to your server's configured DNS resolver and the authoritative DNS servers for the IP address's reverse DNS zone. Under some privacy regimes, IP addresses may be considered personal data. This feature runs automatically when a known AI bot visits your site and cannot currently be disabled via the admin UI (a filter hook crawlantix_enable_verification<\/code> is available for developers).<\/p>\n\nPrivacy Policy<\/h3>\n\n
\n
wp-config.php<\/code>). The original IP address cannot be recovered from the hash. Note: pseudonymous IP hashes may still be considered personal data under GDPR.<\/li>\nPremium Version<\/h3>\n\n