外掛說明
Voho bot manager hardens WordPress against the new wave of AI-driven crawlers—including stacks associated with OpenClaw—that attempt to scrape, snapshot, and probe your content through non-interactive, headless browsing pipelines.
When a high-risk automation session is identified, the plugin terminates the request with HTTP 403, returns a concise English denial page, and persists structured telemetry (UTC timestamp, client IP, requested URL, and an intercepted flag reserved for richer policy engines) inside {prefix}voho_bot_manager_intercepted_log.
Operational visibility
- Dedicated Voho Bot Manager admin hub with paginated history.
- Timestamps rendered in your configured WordPress timezone so responders can correlate events quickly.
- View log shortcut on the Plugins screen for one-click access.
Roadmap-aware positioning: automated threat actors evolve weekly; Voho bot manager ships iterative detection upgrades so your perimeter keeps pace with emerging AI browsing agents without waiting for a full rewrite.
OpenClaw and similar names refer to widely discussed AI browsing ecosystems; Voho bot manager is an independent security tool and is not affiliated with any third-party vendor.
安裝方式
- Upload the
voho-bot-managerfolder to/wp-content/plugins/. - Activate Voho bot manager through the Plugins menu in WordPress.
- Open Voho Bot Manager in the admin sidebar (or use View log on the plugin row) to review intercepted requests.
On activation the plugin creates the {prefix}voho_bot_manager_intercepted_log table automatically.
常見問題集
-
How does this help against OpenClaw-style AI crawlers?
-
The plugin blocks the non-human automation paths these agents rely on, answers with HTTP 403, and logs each attempt so you can audit abuse, tune upstream controls, and brief stakeholders with concrete evidence.
-
Will it catch every crawler on the internet?
-
No defensive layer can promise universal coverage. Voho bot manager focuses on the high-risk automation families behind modern AI scrapers and continuously expands detection as new behaviours appear.
-
Does the plugin work with caching or CDN layers?
-
If a cache or proxy serves a response without executing WordPress/PHP for matching requests, interception must happen at that layer instead. Otherwise behaviour is unchanged.
-
What data is stored?
-
Each intercepted request stores UTC time, client IP (or the first value from
X-Forwarded-Forwhen present), full requested URL, and a boolean intercepted flag.
使用者評論
這個外掛目前沒有任何使用者評論。
參與者及開發者
變更記錄
1.2.0
- Server-side blocking uses automation User-Agent patterns (e.g. python-requests, Go-http-client, curl, HeadlessChrome) while allowlisting common search/index crawlers (Google, Bing, Yandex, Baidu, etc.). Filters:
voho_bot_manager_search_bot_allowlist,voho_bot_manager_automation_ua_patterns,voho_bot_manager_should_block_request.
1.1.0
- Split codebase into
includes/for maintainability; forbidden HTML lives intemplates/forbidden.php. - Public forbidden screen at
/voho-bot-forbidden/(flush permalinks after update) with plain-URL fallback. - Front-end script
assets/js/bot-check.jsdetects common automation signals in the browser and redirects to the forbidden screen (logged whenvoho_js=1).
1.0.5
- Themed HTTP 403 page: loads the active (and parent, if child) theme stylesheet, uses block-theme CSS variables when present, and returns JSON errors for REST/JSON requests.
1.0.4
- Harden input handling (
wp_unslash, sanitization), usewpdb::prepare()identifier placeholders for custom table queries, and document direct DB usage for Plugin Check.
1.0.3
- Show log timestamps in the site timezone with an explanatory note.
1.0.2
- Top-level admin menu and View log plugin action link.
1.0.1
- Admin log viewer with pagination.
1.0.0
- Initial release: AI crawler mitigation, HTTP 403 enforcement, database log on activation.