=== Blackhole Pro ===

Plugin Name: Blackhole Pro
Plugin URI: https://plugin-planet.com/blackhole-pro/
Description: Protects your site against bad bots by trapping them in a blackhole.
Tags: anti-spam, bad bots, blackhole, honeypot, security, anti spam, antispam, ban, blacklist, block, bots, ip, robots, robots.txt, spam, spider, trap, whois
Author: Jeff Starr
Contributors: specialk
Author URI: https://monzillamedia.com/
Donate link: https://monzillamedia.com/donate.html
Requires at least: 4.1
Tested up to: 5.2
Stable tag: 2.3
Version: 2.3
Requires PHP: 5.6.20
Text Domain: blackhole-pro
Domain Path: /languages
License: The Blackhole Pro license comprises two parts (see "License" section below)

Blackhole Pro is a WordPress security plugin that detects and traps bad bots in a virtual blackhole, where they are denied access to your entire site.



== Description ==

> Add your own virtual Blackhole trap for bad bots.



**Bye bye bad bots..**

Bad bots are the worst. They do all sorts of nasty stuff and waste server resources. Blackhole Pro helps to stop bad bots and save precious resources for legit visitors.



**How does it work?**

First the plugin adds a hidden trigger link to the footer of your pages. You then add a line to your robots.txt file that forbids all bots from following the hidden link. Bots that then ignore or disobey your robots rules will crawl the link and fall into the trap. Once trapped, bad bots are denied further access to your entire site.

I call it the "one-strike" rule: bots have one chance to obey your site's robots.txt rules. Failure to comply results in immediate banishment. And if that seems too harsh, you can adjust the number of allowed "strikes" via the plugin's Threshold setting.

The best part is that the Blackhole only affects bad bots: human users never see the hidden link, and good bots obey the robots rules in the first place. Win-win! :)

**Features**

The free version of Blackhole includes awesome features:

* Easy to set up
* Squeaky clean code
* Focused and modular
* Born of simplicity, no frills
* Lightweight, fast and flexible
* Built with the WordPress API
* Works with other security plugins
* Easy to reset the list of bad bots
* Easy to delete any bot from the list
* Plugin options configurable via settings screen
* Hidden Blackhole link includes "nofollow" attribute
* Works silently behind the scenes to protect your site
* Optionally receive an email alert with WHOIS lookup for blocked bots
* All major search engine bots are whitelisted so they will never get blocked
* Focused on flexibility, performance, and security
* Whitelist any IP address or range
* Whitelist bots via their user agent
* Customize the message displayed to blocked bots ;)
* One-click restore plugin default options



**Pro Features**

Blackhole Pro includes all features of the free version, plus:

* Customize Blackhole Warning message
* Choose a custom blocked message for bad bots
* Disable Blackhole for logged in users
* Logs number of blocked hits for each bot
* Set the number of hits before a bot is banned
* Exclude Blackhole trigger link on specific posts/pages
* Optionally use a transparent 1x1 pixel image for the trigger link
* Customize the trigger link with any text-markup
* Customize the trigger link URL
* Optionally redirect all blocked bots
* Optionally redirect all whitelisted bots
* Choose a custom HTTP Status Code for blocked bots
* Includes new email alert templates
* Customize your own email alerts with shortcodes
* Customize the From header for email alerts
* Complete documentation available via the Help tab
* Full-featured Bad Bot Log, where you can view and manage bad bots
* Bad Bot Log includes field-refined search, custom sorting, pages, and more
* Bad Bot Log includes Geo/IP location lookups for bad bots
* Add bots manually, directly via the Bad Bots screen
* Delete any bot or multiple bots with a click
* One-click restore of the Bad Bot Log



**Whitelist**

By default, this plugin does NOT block any of the major search engines (user agents):

* AOL.com
* Baidu
* Bingbot/MSN
* DuckDuckGo
* Googlebot
* Teoma
* Yahoo!
* Yandex

These search engines (and all of their myriad variations) are whitelisted via user agent. So are a bunch of other "useful" bots. They always are allowed full access to your site, even if they disobey your robots.txt rules. This list can be customized in the plugin settings. For a complete list of whitelisted bots, visit the Help tab in the plugin settings (under "Whitelist Settings").



**Privacy**

__User Data:__ This plugin automatically blocks bad bots. When bad bots fall into the trap, their IP address, user agent, and other request data are stored in the WP database. No other user data is collected by this plugin. At any time, the administrator may delete all saved data via the plugin settings. 

__Services:__ This plugin does not connect to any third-party locations or services.

__Cookies:__ This plugin does not set any cookies.



> Works perfectly with or without Gutenberg

_Header Image Courtesy NASA/JPL-Caltech._



== Screenshots ==

[Screenshots available at Plugin Planet](https://plugin-planet.com/blackhole-pro/#screenshots)



== Installation ==

**Installing Blackhole Pro**

1. Download a zipped copy of Blackhole Pro from Plugin Planet
2. Unzip and upload the `/blackhole-pro/` folder to `/wp-content/plugins/`
3. Visit the WordPress Plugins screen to activate Blackhole Pro
4. Visit the License screen to activate the license

Once Blackhole Pro is installed:

1. Visit the plugin settings > "Robots Rules"
2. Copy the provided robots.txt rules
3. Include the rules in your site's robots.txt file

Blackhole Pro includes complete inline documentation; click the "Help" tab in the upper-right corner of any plugin screen for more information.

More infos:

* [Guide: Install Plugin](https://plugin-planet.com/install-plugin/)
* [Guide: Activate Plugin License](https://plugin-planet.com/activate-deactivate-plugin-license/)
* [Get started using Blackhole Pro](https://plugin-planet.com/blackhole-pro-quick-start/)
* [More info on installing WP plugins](https://codex.wordpress.org/Managing_Plugins#Installing_Plugins)


**Like the plugin?**

If you like Blackhole Pro, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/blackhole-bad-bots/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!



== Upgrade Notice ==

__Upgrades:__ Your purchase of USP Pro includes free lifetime upgrades, which include new features, bug fixes, and other improvements. When an upgrade is available, WordPress will notify you in the Admin Area. When you see that there is an update available, just click "Update" and WordPress will perform the upgrade automatically. Note that you can [download the latest version of USP Pro at Plugin Planet](https://plugin-planet.com/download-purchased-plugin/) anytime at your convenience. [More info](https://plugin-planet.com/upgrade-plugin/)

Note: uninstalling the plugin from the WP Plugins screen results in the removal of all settings and bot data from the WP database. 



== Usage ==

To use Blackhole Pro:

1. Install and activate the plugin as described above
2. Add the robots.txt rules to your site's robots.txt
3. To configure the plugin, visit the plugin Settings
4. To view and manage blocked bots, visit Bad Bots

Links to reset the plugin options and Bad Bot Log are available in the plugin settings.

Reminder: Blackhole Pro includes complete inline documentation; click the "Help" tab in the upper-right corner of any plugin screen for more information.



**No robots.txt?**

If your site does not have a robots.txt file, you can create one as follows:

1. Add a blank text file to the root directory of your site
2. Name the text file, robots.txt and upload to your server
3. Done.

Tools and more info about robots.txt:

* [Learn more about robots.txt](https://www.robotstxt.org/)
* [Validate your robots.txt file](https://lxrmarketplace.com/robots-txt-validator-tool.html)
* [Validate robots.txt in Google Webmaster Tools](https://www.google.com/webmasters/tools/robots-testing-tool) (requires account login)



**Caching Plugins**

Blackhole works with any type of caching plugin where "page caching" is not enabled.

There are many types of cache plugins. They provide all sorts of different caching mechanisms and features. All caching features work great with Blackhole except for “page caching”. With page caching, the required WP `init` hook may not be fired, which means that plugins like Blackhole are not able to log and ban requests dynamically. Fortunately, some of the most popular caching plugins provide settings that enable full compatibility with Blackhole. For a complete list, check out [this article](https://plugin-planet.com/blackhole-pro-cache-plugins/).



**Testing**

To test that the Blackhole trap is working, view the source code of any web page on your site. Scroll down near the footer of the page until you locate a link that looks similar to the following:

	<a rel="nofollow" style="display:none;" href="https://example.com/?blackhole=1234567890" title="Blackhole Pro">Do NOT follow this link or you will be banned from the site!</a>

Click the link (the `href` value) to view the Warning Message. After visiting the Warning Message, refresh the page to view the Access Denied message. And/or visit any other page on the front-end of your site to verify that you have been banned. But don't worry, you will never be banned from the WP Admin Area or the WP Login Page. So simply log in and remove your IP address from the Bad Bots list to restore front-end access.

Important: in order to test the blackhole link while logged-in, you will need to disable the plugin setting, "Logged-in Users".



**Whitelisted Bots**

Blackhole is rigorously tested to ensure that the top search engine bots are NEVER BLOCKED. Any bots reporting a User Agent that contains any of the following strings will always have access to your site, even if they disobey robots.txt. For a complete list of whitelisted bots, visit the Help tab in the plugin settings (under "Whitelist Settings").

Of course, the whitelist is completely customizable via the plugin settings. Each added string is matched against the full user agent, so be careful. Learn more about [user agents of the top search engines](https://perishablepress.com/list-all-user-agents-top-search-engines/).



**Whitelisted IP Addresses**

In addition to whitelisting user agents, you can also whitelist IP addresses. To do so, visit the "Whitelisted IPs" setting and add any valid IP address (separate multiple IPs with commas). To whitelist a range of IPs, you can exclude an octet, for example:

	173.203.204.

That will allow all bots reporting any IP that begins with `123.456.`. You can also whitelist IP addresses using CIDR notation. Check out the Help tab on the plugin settings page for details. To help ensure that you and other known services never are blocked, Blackhole automatically whitelists several IP addresses. For a complete list of whitelisted IP addresses, visit the Help tab in the plugin settings (under "Whitelist Settings").



**Customizing**

Blackhole provides plenty of hooks for customizing and extending functionality. Visit Plugin Planet for a [list of all Blackhole Pro hooks](https://plugin-planet.com/blackhole-pro-action-filter-hooks/).



**Custom Warning Template**

The Blackhole displays two types of messages:

* Warning Message - Displayed when bots follow the blackhole trigger link
* Blocked Message - Displayed for all requests made by blocked bots

Either of these messages may be customized via the plugin settings. Visit the Help tab for more info.



**Uninstall/Reset**

Blackhole Pro cleans up after itself. All plugin settings and the bad bot list will be removed from your database when the plugin is uninstalled via the Plugins screen. To restore default plugin options without uninstalling, visit the plugin settings. Likewise there is a settings link to clear/reset the Bad Bot Log.



**Credit**

_Header Image Courtesy NASA/JPL-Caltech._



== Resources ==

= Getting started =

* [Blackhole Pro Homepage](https://plugin-planet.com/blackhole-pro/)
* [Blackhole Pro Quick Start Guide](https://plugin-planet.com/blackhole-pro-quick-start/)
* [Blackhole Pro readme.txt](https://plugin-planet.com/wp/files/blackhole-pro/readme.txt)
* [Blackhole Pro Settings](https://plugin-planet.com/blackhole-pro-settings/)
* [Blackhole Pro FAQs](https://plugin-planet.com/blackhole-pro-faqs/)

= Further resources =

* [Blackhole Pro Docs](https://plugin-planet.com/docs/blackhole/)
* [Blackhole Pro Forum](https://plugin-planet.com/forum/blackhole/)
* [Blackhole Pro Tutorials](https://plugin-planet.com/category/tuts+blackhole-pro/)
* [Blackhole Pro News](https://plugin-planet.com/category/news+blackhole-pro/)

= Feedback and downloads =

* [Bug reports, help requests, and feedback](https://plugin-planet.com/blackhole-pro/#contact)
* [Log in to your account for current downloads](https://plugin-planet.com/wp/wp-login.php)
* [Download plugin](https://plugin-planet.com/download-purchased-plugin/)

= Screenshots and more =

* [Learn more about Blackhole Pro](https://plugin-planet.com/blackhole-pro/)
* [Screenshots and more available](https://plugin-planet.com/blackhole-pro/#screenshots)



== Frequently Asked Questions ==

[Check out the Blackhole FAQs at Plugin Planet &raquo;](https://plugin-planet.com/blackhole-pro-faqs/)



== License ==

The Blackhole Pro license is comprised of two parts:
	
* Part 1: Its PHP code is licensed under the GPL (v3 or later), like WordPress. More info @ https://www.gnu.org/licenses/
	
* Part 2: Everything else (e.g., CSS, HTML, JavaScript, images, design) is licensed according to the purchased license. More info @ https://plugin-planet.com/blackhole-pro/
	
Without prior written consent from Monzilla Media, you must NOT directly or indirectly: license, sub-license, sell, resell, or provide for free any aspect or component of Part 2.

Further license information is available in the plugin directory, /license/, and online @ https://plugin-planet.com/wp/files/blackhole-pro/license.txt

Upgrades: Your purchase of Blackhole Pro includes free lifetime upgrades, which include new features, bug fixes, and other improvements. 

Copyright 2019 Monzilla Media. All rights reserved.



== Check out my other plugins ==

Free WordPress plugins:

* [Banhammer](https://wordpress.org/plugins/banhammer/)
* [Host Header Injection Fix](https://wordpress.org/plugins/host-header-injection-fix/)
* [Blackhole for Bad Bots](https://wordpress.org/plugins/blackhole-bad-bots/)
* [BBQ: Block Bad Queries](https://wordpress.org/plugins/block-bad-queries/)
* [Contact Coldform](https://wordpress.org/plugins/contact-coldform/)
* [Dashboard Widgets Suite](https://wordpress.org/plugins/dashboard-widgets-suite/)
* [GA Google Analytics](https://wordpress.org/plugins/ga-google-analytics/)
* [Head Meta Data](https://wordpress.org/plugins/head-meta-data/)
* [Show Support Ribbon](https://wordpress.org/plugins/show-support-ribbon/)
* [Simple Ajax Chat](https://wordpress.org/plugins/simple-ajax-chat/)
* [Simple Basic Contact Form](https://wordpress.org/plugins/simple-basic-contact-form/)
* [Simple Blog Stats](https://wordpress.org/plugins/simple-blog-stats/)
* [Simple Custom Content](https://wordpress.org/plugins/simple-custom-content/)
* [Simple Feed Stats](https://wordpress.org/plugins/simple-feed-stats/)
* [User Submitted Posts](https://wordpress.org/plugins/user-submitted-posts/)
* [Theme Switcha](https://wordpress.org/plugins/theme-switcha/)
* [Prismatic](https://wordpress.org/plugins/prismatic/)

Premium WordPress plugins:

* [BBQ Pro](https://plugin-planet.com/bbq-pro/) - Super fast WordPress firewall
* [Blackhole Pro](https://plugin-planet.com/blackhole-pro/) - Automatically block bad bots
* [Banhammer Pro](https://plugin-planet.com/banhammer-pro/) - Monitor traffic and ban the bad guys
* [GA Google Analytics Pro](https://plugin-planet.com/ga-google-analytics-pro/) - Connect your WordPress to Google Analytics
* [USP Pro](https://plugin-planet.com/usp-pro/) - Unlimited front-end forms

More awesome plugins on the way :)



== Changelog ==

If you like Blackhole Pro, please take a moment to [give a 5-star rating](https://wordpress.org/support/plugin/blackhole-bad-bots/reviews/?rate=5#new-post). It helps to keep development and support going strong. Thank you!


**2.3 (2019/09/08)**

* Optimizes plugin performance
* Optimizes internal code structure
* Increases timeout for GeoIP lookups
* Removes all transients functionality
* Adds "Host Name" info to email alerts
* Adds code to remove transients on uninstall
* Adds "Refresh Geo" link to update bot infos
* Adds "GeoIP Lookup" link to email alerts
* Replaces "User Agent" with "Host Name" on warning page
* Improves display of Bad Bot Log UI
* Adds filters for error log output
* Improves error log handling
* Updates contextual help tab
* Updates some links to https
* Generates new default translation template
* Tests on WordPress 5.3 (alpha)

**2.2 (2019/05/02)**

* Bumps [minimum PHP version](https://codex.wordpress.org/Template:Server_requirements) to 5.6.20
* Tweaks plugin settings screen content
* Updates default translation template
* Tests on WordPress 5.2

**2.1 (2019/04/13)**

* Improves GeoIP lookup functionality
* Adds error handling for `file_get_contents()`
* Generates new default translation template
* Tests on WordPress 5.2 (beta)

**2.0 (2019/04/10)**

* Adds caching for get_vars and lookup data
* Adds `a6-indexer` and `ahrefsbot` to default user-agent whitelist
* Tests on WordPress 5.2 (beta)

**1.9 (2019/04/08)**

* Works on improving GeoIP lookup timeouts and issues
* Generates new default translation template

**1.8 (2019/04/02)**

* Fixes bug with GeoIP lookups timing out
* Tests on WordPress 5.1 and 5.2 (alpha)

**1.7 (2019/03/21)**

* Adds site name and domain to email alerts
* Adds `[domain]`, `[site_name]` shortcodes for custom email alerts
* Adds `array_column()` fallback for older versions of PHP
* Replaces `ipapi.co` with `ip-api.com` for GeoIP lookups
* Improves display of plugin License screen
* Improves functionality for one-click plugin updates
* Improves function `check_blackhole()`
* Fixes some incorrect translation parameters
* Fixes bug where custom geo-lookup shortcodes not working
* Adds check for admin user for settings shortcut link
* Refines plugin settings screen UI
* Generates new default translation template
* Tests on WordPress 5.1 and 5.2 (alpha)

**1.6 (2018/11/18)**

* Adds link to site's `robots.txt` on plugin settings page
* Replaces `geoip.tools` lookup service with `ipapi.co`
* Refines Help tab and documentation
* Updates default translation template
* Tests on WordPress 5.0 (beta)

**1.5 (2018/08/22)**

* Adds intro blurb to email alerts
* Adds filter hook, `blackhole_verify_nonce`
* Adds `rel="noopener noreferrer"` to all [blank-target links](https://perishablepress.com/wordpress-blank-target-vulnerability/)
* Replaces `freegeoip.net` with `geoip.tools` for Geo Lookups
* Fixes PHP Warning for invalid argument in `blackhole_get_hits`
* Fixes PHP Warning for empty array in `blackhole_get_bot_id`
* Updates GDPR blurb and donate link
* Regenerates default translation template
* Further tests on WP 4.9 and 5.0 (alpha)

**1.4 (2018/05/11)**

* Adds support for WP Fastest Cache
* Improves support for caching plugins
* Adds auto-import of whitelist and bad bot data from Blackhole free version
* Adds "Whitelist IP" and "Whitelist User Agent" buttons
* Replaces `ipaddress.com` with `whatismyipaddress.com` as lookup service
* Updates default set of whitelisted user agents
* Updates default set of whitelisted IP addresses
* Adds `rel="noopener noreferrer"` to blank targets
* Updates some text in the plugin Help tabs
* Moves `blackhole_allow_style` to core plugin class
* Fixes obscure `call_user_func` error
* Improves code for plugin License screen
* Adds support plugin link to settings page
* Adds log note if Geo lookup fails
* Renames hook from `blackhole_locale` to `blackhole_i18n_locale`
* Adds new filter hook, `blackhole_import_bots`
* Generates new translation template
* Updates plugin image files
* Tests on WordPress 5.0

**1.3 (2017/11/09)**

* Adds support for `style` attributes in "custom" plugin settings
* Updates `EDD_SL_Plugin_Updater` to [version 1.6.13](https://bit.ly/2yqX3yu)
* Adds support for WP Super Cache and W3 Total Cache
* Improves `load_i18n()` for better translation loading
* Updates `esc_url` to `esc_url_raw` for redirects
* Adds filter hook: `blackhole_locale`
* Regenerates default translation template
* Tests on WordPress 4.9

**1.2.1 (2017/08/13)**

* Replaces `wp_doing_cron()` with direct check for `DOING_CRON`
* Tests on WordPress 4.9 (alpha)

**1.2 (2017/07/29)**

* Refactors core to call `blackhole_get_geo` only when logging
* Adds support for CIDR notation for whitelisted IPs
* Adds function to ignore command-line requests
* Adds logic to ignore WP-Cron requests
* Updates contextual help (Help tab)
* Updates documentation/readme.txt
* Tests on WordPress 4.9 (alpha)

**1.1 (2017/03/28)**

* Updates default IP keys
* Fixes bug for non-admin users
* Adds fallback for `allow_url_fopen()`
* Adds French translation (thanks to Bouzin)
* Adds some missing translation text strings
* Adds filter hook `blackhole_ip_keys` for IP keys
* Adds action hook `blackhole_scanner` for blackhole scanner
* Adds shortcode `[blackhole_trigger]` for trigger link
* Adds meta noindex/noarchive tags to blackhole templates
* Auto-adds server IP to whitelist settings
* Updates some infos in the contextual help tab
* Improves escaping of certain variables
* Uses site's default character set for `htmlentities`
* Replaces global `$wp_version` with `get_bloginfo('version')`
* Generates new default translation template
* Tests on WordPress version 4.8

**1.0 (2017/03/03)**

* Initial release