=== Blackhole Pro === Plugin Name: Blackhole Pro Plugin URI: https://plugin-planet.com/blackhole-pro/ Description: Protects your site against bad bots by trapping them in a virtual black hole. Tags: bots, blackhole, honeypot, security, anti-spam Author: Jeff Starr Contributors: specialk Author URI: https://monzillamedia.com/ Donate link: https://monzillamedia.com/donate.html Requires at least: 4.6 Tested up to: 6.5 Stable tag: 3.4.1 Version: 3.4.1 Requires PHP: 5.6.20 Text Domain: blackhole-pro Domain Path: /languages License: The Blackhole Pro license comprises two parts (see "License" section below) Blackhole Pro is a WordPress security plugin that detects and traps bad bots in a virtual black hole, where they are denied access to your site. == Description == > Add your own virtual black hole trap for bad bots. ### Bye bye bad bots.. ### Bad bots are the worst. They do all sorts of nasty stuff and waste server resources. Blackhole Pro helps to stop bad bots and save precious resources for legit visitors. ### How does it work? ### First the plugin adds a hidden trigger link to the footer of your pages. You then add a line to your robots.txt file that forbids all bots from following the hidden link. Bots that then ignore or disobey your robots rules will crawl the link and fall into the trap. Once trapped, bad bots are denied further access to your entire site. I call it the "one-strike" rule: bots have one chance to obey your site's robots.txt rules. Failure to comply results in immediate banishment. And if that seems too harsh, you can adjust the number of allowed "strikes" via the plugin's Threshold setting. The best part is that the Blackhole only affects bad bots: human users never see the hidden link, and good bots obey the robots rules in the first place. Win-win! :) ### Features ### The free version of Blackhole includes awesome features: * Easy to set up * Squeaky clean code * Focused and modular * Lightweight, fast and flexible * Built with the WordPress API * Works with other security plugins * Easy to reset the list of bad bots * Easy to delete any bot from the list * Plugin options configurable via settings screen * Hidden Blackhole link includes "nofollow" attribute * Works silently behind the scenes to protect your site * Optionally receive email alerts with WHOIS lookup for blocked bots * All major search engines are whitelisted so they never are blocked * Focused on flexibility, performance, and security * Block any specific user agent from site access * Whitelist any IP address or range * Whitelist bots via their user agent * Customize the message displayed to blocked bots ;) * One-click restore plugin default options * Does NOT use or require any .htaccess rules ### Pro Features ### Blackhole Pro includes all features of the free version, plus: * Customize Blackhole Warning message * Choose a custom blocked message for bad bots * Disable Blackhole for logged in users * Logs number of blocked hits for each bot * Set the number of hits before a bot is banned * Exclude Blackhole trigger link on specific posts/pages * Optionally use a transparent 1x1 pixel image for the trigger link * Customize the trigger link with any text-markup * Customize the trigger link URL * Optionally redirect all blocked bots * Optionally redirect all whitelisted bots * Choose a custom HTTP Status Code for blocked bots * Includes new email alert templates * Customize your own email alerts with shortcodes * Customize the From header for email alerts * Complete documentation available via the Help tab * Full-featured Bad Bots Log, where you can view and manage bad bots * Bad Bots Log includes refined search, custom sorting, and more * Bad Bots Log includes Geo/IP location lookups for bad bots * Add bots manually, directly via the Bad Bots screen * Delete any bot or multiple bots with a click * One-click restore of the Bad Bots Log ### Whitelist ### By default, this plugin does NOT block any of the major search engines (user agents): * AOL.com * Baidu * Bingbot/MSN * DuckDuckGo * Googlebot * Teoma * Yahoo! * Yandex These search engines (and all of their myriad variations) are whitelisted via user agent. So are a bunch of other "useful" bots. They always are allowed full access to your site, even if they disobey your robots.txt rules. This list can be customized in the plugin settings. For a complete list of whitelisted bots, visit the Help tab in the plugin settings (under "Whitelist Settings"). ### Privacy ### __User Data:__ This plugin automatically blocks bad bots. When bad bots fall into the trap, their IP address, user agent, and other request data are stored in the WP database. No other user data is collected by this plugin. At any time, the administrator may delete all saved data via the plugin settings. __Services:__ This plugin does not connect to any third-party locations or services. __Cookies:__ This plugin does not set any cookies. ### Developer ### Blackhole Pro is developed and maintained by [Jeff Starr](https://twitter.com/perishable), 15-year [WordPress developer](https://plugin-planet.com/) and [book author](https://books.perishablepress.com/). == Screenshots == [Screenshots available at Plugin Planet](https://plugin-planet.com/blackhole-pro/#screenshots) == Installation == ### Installing Blackhole Pro ### 1. Download a zipped copy of Blackhole Pro from Plugin Planet 2. Unzip and upload the `/blackhole-pro/` folder to `/wp-content/plugins/` 3. Visit the WordPress Plugins screen to activate Blackhole Pro 4. Visit the License screen to activate the license Once Blackhole Pro is installed: 1. Visit the plugin settings > "Robots Rules" 2. Copy the provided robots.txt rules (see note)* 3. Include the rules in your site's robots.txt file __Note:__ For the robots.txt rules, there are two scenarios: 1. Your site has a physical robots.txt file that you can see on the server. In this case, you need to add the required rules manually. 2. OR, your site is using the dynamic/virtual WP-generated robots.txt file, and there is no physical robots.txt file on your server. In this case, the plugin adds the required rules automatically. You do not need to add anything manually. Blackhole Pro includes complete inline documentation; click the "Help" tab in the upper-right corner of any plugin screen for more information. _Using a caching plugin? Check out the section below called "Caching Plugins" for important info._ ### Upgrades ### Your purchase of Blackhole Pro includes free lifetime upgrades, which include new features, bug fixes, and other improvements. When an upgrade is available, WordPress will notify you in the Admin Area. When you see that there is an update available, just click "Update" and WordPress will perform the upgrade automatically. Note that you can [download the latest version of Blackhole Pro at Plugin Planet](https://plugin-planet.com/download-purchased-plugin/) anytime at your convenience. [More info](https://plugin-planet.com/upgrade-plugin/) ### Useful resources ### * [Guide: Install Plugin](https://plugin-planet.com/install-plugin/) * [Guide: Activate Plugin License](https://plugin-planet.com/activate-deactivate-plugin-license/) * [Get started using Blackhole Pro](https://plugin-planet.com/blackhole-pro-quick-start/) * [More info on installing WP plugins](https://wordpress.org/support/article/managing-plugins/#installing-plugins) ### Like the plugin? ### If you like Blackhole Pro, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/blackhole-bad-bots/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you! == Upgrade Notice == This plugin has been tested and is 100% current with the latest version of WordPress. == Usage == To use Blackhole Pro: 1. Install and activate the plugin as described above 2. Add the robots.txt rules to your site's robots.txt 3. To configure the plugin, visit the plugin Settings 4. To view and manage blocked bots, visit Bad Bots Links to reset the plugin options and Bad Bots Log are available in the plugin settings. __Note:__ Blackhole Pro includes complete inline documentation; click the "Help" tab in the upper-right corner of any plugin screen for more information. ### No robots.txt? ### If your site does not have a robots.txt file, you can create one as follows: 1. Add a blank text file to the root directory of your site 2. Name the text file, robots.txt and upload to your server 3. Done. Tools and more info about robots.txt: * [Learn more about robots.txt](https://www.robotstxt.org/) * [Validate your robots.txt file](https://lxrmarketplace.com/robots-txt-validator-tool.html) * [Validate robots.txt in Google Webmaster Tools](https://www.google.com/webmasters/tools/robots-testing-tool) (requires account login) ### Caching Plugins ### Blackhole works with any type of caching plugin where "page caching" is not enabled. There are many types of cache plugins. They provide all sorts of different caching mechanisms and features. All caching features work great with Blackhole except for “page caching”. With page caching, the required WP `init` hook may not be fired, which means that plugins like Blackhole are not able to log and ban requests dynamically. Fortunately, some of the most popular caching plugins provide settings that enable full compatibility with Blackhole. For a complete list, check out [this article](https://plugin-planet.com/blackhole-pro-cache-plugins/). ### Testing ### To test that the Blackhole trap is working, view the source code of any web page on your site. Scroll down near the footer of the page until you locate a link that looks similar to the following: Name of Your Website Click the link (the `href` value) to view the Warning Message. After visiting the Warning Message, refresh the page to view the Access Denied message. And/or visit any other page on the front-end of your site to verify that you have been banned. But don't worry, you will never be banned from the WP Admin Area or the WP Login Page. So simply log in and remove your IP address from the Bad Bots list to restore front-end access. __Important:__ in order to test the blackhole link while logged-in, you will need to disable the plugin setting, "Logged-in Users". ### Whitelist Bots ### Blackhole is rigorously tested to ensure that the top search engine bots are NEVER BLOCKED. Any bots reporting a User Agent that contains any of the following strings will always have access to your site, even if they disobey robots.txt. For a complete list of whitelisted bots, visit the Help tab in the plugin settings (under "Whitelist Settings"). Of course, the whitelist is completely customizable via the plugin settings. Each added string is matched against the full user agent, so be careful. Learn more about [user agents of the top search engines](https://perishablepress.com/list-all-user-agents-top-search-engines/). ### Whitelisted IP Addresses ### In addition to whitelisting user agents, you can also whitelist IP addresses. To do so, visit the "Whitelist IPs" setting and add any valid IP address (separate multiple IPs with commas). To whitelist a range of IPs, you can exclude an octet, for example: 173.203.204. That will allow all bots reporting any IP that begins with `123.456.`. You can also whitelist IP addresses using CIDR notation. Check out the Help tab on the plugin settings page for details. To help ensure that you and other known services never are blocked, Blackhole automatically whitelists several IP addresses. For a complete list of whitelisted IP addresses, visit the Help tab in the plugin settings (under "Whitelist Settings"). ### Customizing ### Blackhole provides plenty of hooks for customizing and extending functionality. Visit Plugin Planet for a [list of all Blackhole Pro hooks](https://plugin-planet.com/blackhole-pro-action-filter-hooks/). ### Custom Warning Template ### The Blackhole displays two types of messages: * Warning Message - Displayed when bots follow the blackhole trigger link * Blocked Message - Displayed for all requests made by blocked bots Either of these messages may be customized via the plugin settings. Visit the Help tab for more info. ### Uninstall/Reset ### Blackhole Pro cleans up after itself. All plugin settings and the bad bot list will be removed from your database when the plugin is uninstalled via the Plugins screen. If you manually added the Blackhole rules to your robots.txt file, then you should remove them. To restore default plugin options without uninstalling, visit the plugin settings. Likewise there is a settings link to clear/reset the Bad Bots Log. ### Credit ### _Header Image Courtesy NASA/JPL-Caltech._ == Resources == Some useful resources for Blackhole Pro: = Getting started = * [Blackhole Pro Homepage](https://plugin-planet.com/blackhole-pro/) * [Blackhole Pro Quick Start Guide](https://plugin-planet.com/blackhole-pro-quick-start/) * [Blackhole Pro readme.txt](https://plugin-planet.com/wp/files/blackhole-pro/readme.txt) * [Blackhole Pro Settings](https://plugin-planet.com/blackhole-pro-settings/) * [Blackhole Pro FAQs](https://plugin-planet.com/blackhole-pro-faqs/) = Further resources = * [Blackhole Pro Docs](https://plugin-planet.com/docs/blackhole/) * [Blackhole Pro Forum](https://plugin-planet.com/forum/blackhole/) * [Blackhole Pro Tutorials](https://plugin-planet.com/category/tuts+blackhole-pro/) * [Blackhole Pro News](https://plugin-planet.com/category/news+blackhole-pro/) = Feedback and downloads = * [Bug reports, help requests, and feedback](https://plugin-planet.com/support/#contact) * [Log in to your account for current downloads](https://plugin-planet.com/wp/wp-login.php) * [Download plugin](https://plugin-planet.com/download-purchased-plugin/) = Screenshots and more = * [Learn more about Blackhole Pro](https://plugin-planet.com/blackhole-pro/) * [Screenshots and more available](https://plugin-planet.com/blackhole-pro/#screenshots) Need help? Reach us anytime via our [contact form](https://plugin-planet.com/support/#contact). == Frequently Asked Questions == Check out the [Blackhole FAQs](https://plugin-planet.com/blackhole-pro-faqs/) at Plugin Planet. ### Questions? Feedback? Bugs? ### There are two channels for getting help: * [Ask a question in the Blackhole Pro Forum](https://plugin-planet.com/forum/blackhole/) ([login required](https://plugin-planet.com/wp/wp-login.php)) * [Send an email via the contact form](https://plugin-planet.com/support/#contact) The contact form is best for direct support, bug reports, and feedback. == License == The Blackhole Pro license comprises two parts: * __Part 1:__ Its PHP code is licensed under the GPL (v3 or later), like WordPress. [More info](https://www.gnu.org/licenses/). * __Part 2:__ Everything else (e.g., CSS, HTML, JavaScript, images, design) is licensed according to the purchased license. [More info](https://plugin-planet.com/blackhole-pro/). Without prior written consent from Monzilla Media, you must NOT directly or indirectly: license, sub-license, sell, resell, or provide for free any aspect or component of Part 2. Further license information is available in the plugin directory, `/license/`, and [online](https://plugin-planet.com/wp/files/blackhole-pro/license.txt). __Upgrades:__ Your purchase of Blackhole Pro includes free lifetime upgrades, which include new features, bug fixes, and other improvements. Copyright 2024 Monzilla Media. All rights reserved. == More from Jeff Starr == Premium WordPress plugins: * [Banhammer Pro](https://plugin-planet.com/banhammer-pro/) - Monitor traffic and ban bad users and bots * [BBQ Pro](https://plugin-planet.com/bbq-pro/) - Fastest firewall plugin for WordPress * [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) - Block bad bots in a virtual black hole * [GA Pro](https://plugin-planet.com/ga-google-analytics-pro/) - Connect WordPress to Google Analytics * [SAC Pro](https://plugin-planet.com/simple-ajax-chat-pro/) - Unlimited chat rooms for WordPress * [USP Pro](https://plugin-planet.com/usp-pro/) - Advanced front-end forms Quality WordPress books: * [The Tao of WordPress](https://wp-tao.com/) * [Digging into WordPress](https://digwp.com/) * [.htaccess made easy](https://htaccessbook.com/) * [WordPress Themes In Depth](https://wp-tao.com/wordpress-themes-book/) * [Wizard's SQL Recipes for WordPress](https://books.perishablepress.com/downloads/wizards-collection-sql-recipes-wordpress/) More awesome stuff on the way :) == Changelog == If you like Blackhole Pro, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/blackhole-bad-bots/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you! **3.4.1 (2024/03/25)** * Replaces `gwhois.org` with `whois.com` for whois lookups * Removes duplicate option from `uninstall.php` * Updates plugin settings page and help tab * Updates default translation template * Improves plugin docs/readme.txt * Tests on WordPress 6.5 (beta) Full changelog @ [https://plugin-planet.com/wp/changelog/blackhole-pro.txt](https://plugin-planet.com/wp/changelog/blackhole-pro.txt)