looks interesting!

1. Does it support IPv6?

2. Is WP Multisite supported?

Thanks! ;)

Hi, thanks – BP is based on some work we did for some of our own websites – although it isn’t the be-all-and-end-all of solving problems caused by this sort of traffic, it’s definitely helped us in the past.

In answer to your questions:

1. Yes, it actually treats the IP address as a string under the hood so it’ll deal with either IPv4 or IPv6 fine (will add this as an FAQ as it’s a good question).

2. Yes, it should be – as long as you activate the plugin per site (rather than network activation). We are discussing whether or not to add network activation support at the moment (there is a bit of a debate as to whether the plugin should be able to ‘add up’ visits to all sites or not – once we figure out the logic we want to run with, we’ll update if appropriate).

If you run into problems when activating the plugin per site, we’ll look into them for you – we certainly want it to work normally in this scenario!

Thanks! :)

Hi, from AWStats, I detect that there are a few other domains that auto-redirect to our wp-login page. Instead of blocking the IP address, is it possible to use the BotPlug filter for some domains? Thanks

Strangely yes they are and it’s what I meant :). We contacted the hosting of those sites. Some got fixed, a few replied that the domain contains an exploit but they’ve been eating our bandwidth anyway. We’ve been having difficulties handling these kinds despite using IP deny manager.
Not sure if you’ve encountered this before.

Right, I see! Yes – it sounds like you need to block based on referrer, which I can confirm BotPlug doesn’t do (as it evaluates the visitor, not where they have visited from). I’ll log this as something we’d like to change, although I can’t guarantee that we’ll be able to add it immediately – will keep you posted! :)

Hi! We’ve just released (and had approved) an update – v1.0.1, which includes the ability to create filtering rules based on HTTP_REFERER :)


Can I translate “Bot or Not? page content” and “Pop Quiz! number” to my local language? :) Screenshot

Thanks, Tuan.

Hi Tuan,

Right now, BotPlug doesn’t support localisation – however, we will definitely add this as soon as possible. I’m on holiday at the moment, so there may be a bit of a delay, but will update the plugin as soon as I can.


Hiya, we’ve just released (and had approved) an update – v1.0.1 – which makes the “public” text translatable via a POT file (standard WP i18n) – this includes Bot/Not and the numbers for the CAPTCHA!

p/s: Does it conflict with any search engine? Does it stop crawler bot? :)

Hi, Good question – which we’ll probably move to FAQs. :)

In theory, it’ll stop anything which crawls your site excessively (as defined in your parameters), however, if you wanted to ensure that e.g. Google is never blocked, you can look up their IP ranges and explicitly whitelist them in your config.

That said, we’ve deployed the same functionality to a substantial number of sites and never had any problems with this impacting SEO – because Google and other legitimate crawlers tend to pace their requests at a reasonable speed, BotPlug typically doesn’t interfere with them.
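
The allowlisting described in the reply above, sketched as an added example that is not BotPlug's code: a CIDR check that works for both IPv4 and IPv6, consulted before a per-minute request limit is applied. The function names are hypothetical, the ranges are documentation prefixes standing in for a crawler's published ranges, and the default limit of 30 requests per minute is only an illustrative setting.

```php
<?php
// Added example, not BotPlug's code. Names and ranges are illustrative assumptions.

/** True when $ip (IPv4 or IPv6 text) lies inside $cidr, e.g. "192.0.2.0/24". */
function example_ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    $addr = @inet_pton($ip);
    $net = @inet_pton($parts[0]);
    // Unparsable input or an IPv4/IPv6 family mismatch (4 vs 16 bytes) never matches.
    if ($addr === false || $net === false || strlen($addr) !== strlen($net)) {
        return false;
    }
    $maxBits = strlen($net) * 8;
    $prefix = $parts[1] ?? (string) $maxBits;   // a bare address means an exact match
    if (!ctype_digit($prefix) || (int) $prefix > $maxBits) {
        return false;
    }
    $bits = (int) $prefix;
    $whole = intdiv($bits, 8);
    if (substr($addr, 0, $whole) !== substr($net, 0, $whole)) {
        return false;
    }
    if ($bits % 8 === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF;   // partial byte at the prefix boundary
    return (ord($addr[$whole]) & $mask) === (ord($net[$whole]) & $mask);
}

/** Allowlisted clients are never blocked; others are blocked above $limit hits per $window seconds. */
function example_should_block(string $ip, array $hits, int $now, array $allow, int $limit = 30, int $window = 60): bool
{
    foreach ($allow as $cidr) {
        if (example_ip_in_cidr($ip, $cidr)) {
            return false;
        }
    }
    $recent = array_filter($hits, fn (int $t): bool => $t > $now - $window);
    return count($recent) > $limit;
}

// Constructed data: 40 requests in the last minute from three different clients.
$allow = ['192.0.2.0/24', '2001:db8:4000::/36'];
$now = 1700000000;
$hits = range($now - 39, $now);
var_dump(example_should_block('192.0.2.77', $hits, $now, $allow));       // inside the IPv4 range
var_dump(example_should_block('2001:db8:4abc::1', $hits, $now, $allow)); // inside the IPv6 range
var_dump(example_should_block('198.51.100.9', $hits, $now, $allow));     // not allowlisted
```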


IP Address [MY SERVER IP] has exceeded the configured limit of 30 requests in a minute and has been blocked for 30 minutes. !


Can you drop us an email with a login so we can take a look, please?


Just bought this plugin and tested in our sandbox. Not sure if you’re still developing this plugin or not, but I would suggest adding the option to temporarily white list sessions that have gone through the captcha process (slowdown still activated to minimize abuse – but session would never get blocked in full). This way the initial security settings can be set a little more aggressively, and then loosened when the session is proved human after the captcha process. Also, the same should be applied for users that are logged in of course. Thanks!


Although we haven’t released a patch for BotPlug in some time (it was originally based on functionality we created in an ASP.NET library in client sites), your suggestion is definitely worth including and I’ll put it on the wish list – so that as soon as we have time to implement it, we can. Updates are always pushed out freely through CodeCanyon.

Thanks again! :)

In Error Log File : session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and ’-,’ in /home/xxxx/public_html/wp-content/plugins/codecanyon-4790530-botplug-brute-force-spam-bot-protection/pluginhero_botplug.php on line 521


This isn’t actually a problem with BotPlug per se, as this error pops up when a PHPSESSID cookie passed to your server by a client has an invalid value.

There are a couple of situations under which this can happen – one is when a client is deliberately passing bad values (trying to cause errors) and the other is when there is potentially a misconfiguration on your hosting – it might be worth asking your host if they’ve seen this before and if they can do anything to help.

I’ll also put a note on the BotPlug TODO list to see if there is a way we can detect sessions with invalid cookies and auto-block them in case they are malicious!

Cheers :)
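
One way to handle the invalid PHPSESSID case discussed in this reply, as an added example that is not part of BotPlug: check the client-supplied session cookie against the character set named in the error message before calling session_start(), and discard it if it does not match. The function names and the 256-character upper bound are assumptions.

```php
<?php
// Added example, not BotPlug's code. Function names are hypothetical.

// Characters named in the PHP warning: a-z, A-Z, 0-9, "-" and ",".
// The 256-character upper bound is an assumption; tighten it to your configuration.
const EXAMPLE_SID_PATTERN = '/\A[A-Za-z0-9,-]{1,256}\z/';

function example_is_valid_session_id($value): bool
{
    // Arrays (a cookie sent as PHPSESSID[]=x) and other non-strings are rejected outright.
    return is_string($value) && preg_match(EXAMPLE_SID_PATTERN, $value) === 1;
}

/**
 * Starts the session and returns true when a malformed cookie had to be discarded,
 * so the caller can log the event or count it against the client's IP address.
 */
function example_start_session_safely(): bool
{
    $name = session_name();
    $rejected = isset($_COOKIE[$name]) && !example_is_valid_session_id($_COOKIE[$name]);
    if ($rejected) {
        // PHP takes the session ID from $_COOKIE, so removing the entry makes
        // session_start() issue a fresh ID instead of raising the warning.
        unset($_COOKIE[$name]);
    }
    session_start();
    return $rejected;
}

// Constructed sample cookie values, checked on the command line without starting a session.
if (PHP_SAPI === 'cli') {
    $samples = [
        'well-formed'   => 'k3v9q0a7m2c1d8e5f6b4n0p1r2',
        'illegal chars' => 'abc def!',
        'empty'         => '',
        'array value'   => ['x'],
        'too long'      => str_repeat('a', 300),
    ];
    foreach ($samples as $label => $value) {
        printf("%-14s %s\n", $label, example_is_valid_session_id($value) ? 'accept' : 'reject');
    }
}
```

The check has to run before any other code on the request calls session_start(), since the warning is raised at that call.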