Intégrations → WordPress
ZeroBot Security — plugin WordPress
Antibot, pare-feu, captcha et renseignements sur les menaces — tout dans votre wp-admin. Six couches de protection, un tableau de bord, zéro code.
Installation
- Dans votre wp-admin : ouvrez Extensions → Ajouter, cherchez "ZeroBot Security", cliquez sur Installer → Activer. Tous les téléchargements passent par WordPress.org — aucun zip tiers.
- Allez dans ZeroBot → Licence et collez votre clé de licence (depuis le tableau de bord ZeroBot).
- Votre domaine actuel est enregistré automatiquement à l'activation de la licence. Aucune étape manuelle.
- Ouvrez ZeroBot → Paramètres de protection, activez l'interrupteur principal et les couches souhaitées.
Six couches de protection
Chaque couche est désactivée par défaut. Activez-les depuis ZeroBot → Paramètres de protection, plus l'interrupteur principal en haut.
| Layer | What it does |
|---|---|
| Firewall | Site-wide screening of every public request. Blocks bots on page load before PHP does any work. |
| Page Protection | Per-URL antibot with captcha fallback for borderline traffic (Cloudflare Turnstile or ZeroBot native slider). |
| Login Guard | Rate-limits failed logins per IP, auto-blacklists offenders, screens login IPs against the ZeroBot blacklist. |
| Comment Guard | Rejects spam comments before they're saved to the DB. |
| REST API Guard | Screens public REST calls. Auto-exempts WooCommerce Store API and ZeroBot's own routes. |
| XML-RPC Guard | Disables XML-RPC (or screens it per-request). A top brute-force attack vector. |
Référence des paramètres
| Setting | Default | Notes |
|---|---|---|
| Master switch | Off | Turns every protection layer on/off globally. Leave it off while you configure, flip on to go live. |
| Allowed countries | all | ISO 2-letter codes, comma-separated. Non-matching visitors are blocked with reason Country Denied. Enforced server-side. |
| Firewall exempt paths | (empty) | One path per line. Any URL matching any line skips the firewall (useful for webhooks, health checks). |
| Fail mode | Fail-open | When the API is unreachable: open lets traffic through, closed returns 503. Switch to closed only if you'd rather block than risk a bot getting through. |
| Login max attempts / block minutes | 5 / 15 | Threshold and cooldown for the Login Guard. |
| Browser fingerprint | Off | Injects the fingerprint collector on every front-end page. Detects headless browsers & automation. Off by default because it's the only layer that loads external JS. |
Tableau de bord & journaux
- Dashboard — license status, 24h / 7d stats, recent-threat table scoped to this site only.
- Threat Logs — filterable viewer of every
/v3/openapidecision for this site. CSV export, one-click whitelist/blacklist action per row. - Whitelist / Blacklist — IPs, CIDR ranges, ASNs. Scoped to
service=all— covers antibot, hosting, shortener, redirection at once.
Dépannage
- "The plugin doesn't seem to block anyone."
- Check the master switch AND the specific protection toggle are both on. Open an incognito window — if you're logged in as admin, the Firewall skips you by design. Bots coming from datacenters or known-bad IPs will be blocked; residential visitors are correctly allowed through.
- "My IP shows up once then never again."
- The 24-hour per-IP decision cache. Click Clear Cache in Protection Settings to force a re-check on your next visit.
- "Domain not authorized" banner at the top of wp-admin.
- Your domain was removed from the ZeroBot Authorized Domains list (or the license was deactivated). Click Authorize this domain in the banner — it re-registers this site instantly.
- "I want to see every visit logged for debugging."
- The plugin de-duplicates per IP for 24h by design. For full verbose logging, contact support to enable per-request logging temporarily on your account.
Préférez l'API brute ?
Si vous utilisez un thème personnalisé ou voulez l'API dans du code non-WordPress, consultez les guides PHP, Node.js, Python ou cURL/REST. Le plugin WordPress n'est qu'un wrapper autour de /v3/openapi, /v3/antibot et /v3/account/*.