Интеграции → WordPress
ZeroBot Security — плагин WordPress
Антибот, фаервол, капча и данные об угрозах прямо в wp-admin. Шесть слоёв защиты, одна панель, без кода.
Установка
- В wp-admin откройте Плагины → Добавить новый, найдите "ZeroBot Security" и нажмите Установить → Активировать. Все загрузки идут с WordPress.org — никаких сторонних ZIP.
- Перейдите в ZeroBot → Лицензия и вставьте ключ (из панели ZeroBot).
- Текущий домен автоматически регистрируется при активации лицензии. Ручных шагов нет.
- Откройте ZeroBot → Настройки защиты, включите главный переключатель и нужные слои.
Шесть слоёв защиты
Каждый слой по умолчанию выключен. Включайте их в ZeroBot → Настройки защиты, плюс главный переключатель сверху.
| Layer | What it does |
|---|---|
| Firewall | Site-wide screening of every public request. Blocks bots on page load before PHP does any work. |
| Page Protection | Per-URL antibot with captcha fallback for borderline traffic (Cloudflare Turnstile or ZeroBot native slider). |
| Login Guard | Rate-limits failed logins per IP, auto-blacklists offenders, screens login IPs against the ZeroBot blacklist. |
| Comment Guard | Rejects spam comments before they're saved to the DB. |
| REST API Guard | Screens public REST calls. Auto-exempts WooCommerce Store API and ZeroBot's own routes. |
| XML-RPC Guard | Disables XML-RPC (or screens it per-request). A top brute-force attack vector. |
Справка по настройкам
| Setting | Default | Notes |
|---|---|---|
| Master switch | Off | Turns every protection layer on/off globally. Leave it off while you configure, flip on to go live. |
| Allowed countries | all | ISO 2-letter codes, comma-separated. Non-matching visitors are blocked with reason Country Denied. Enforced server-side. |
| Firewall exempt paths | (empty) | One path per line. Any URL matching any line skips the firewall (useful for webhooks, health checks). |
| Fail mode | Fail-open | When the API is unreachable: open lets traffic through, closed returns 503. Switch to closed only if you'd rather block than risk a bot getting through. |
| Login max attempts / block minutes | 5 / 15 | Threshold and cooldown for the Login Guard. |
| Browser fingerprint | Off | Injects the fingerprint collector on every front-end page. Detects headless browsers & automation. Off by default because it's the only layer that loads external JS. |
Панель и журналы
- Dashboard — license status, 24h / 7d stats, recent-threat table scoped to this site only.
- Threat Logs — filterable viewer of every
/v3/openapidecision for this site. CSV export, one-click whitelist/blacklist action per row. - Whitelist / Blacklist — IPs, CIDR ranges, ASNs. Scoped to
service=all— covers antibot, hosting, shortener, redirection at once.
Устранение неполадок
- "The plugin doesn't seem to block anyone."
- Check the master switch AND the specific protection toggle are both on. Open an incognito window — if you're logged in as admin, the Firewall skips you by design. Bots coming from datacenters or known-bad IPs will be blocked; residential visitors are correctly allowed through.
- "My IP shows up once then never again."
- The 24-hour per-IP decision cache. Click Clear Cache in Protection Settings to force a re-check on your next visit.
- "Domain not authorized" banner at the top of wp-admin.
- Your domain was removed from the ZeroBot Authorized Domains list (or the license was deactivated). Click Authorize this domain in the banner — it re-registers this site instantly.
- "I want to see every visit logged for debugging."
- The plugin de-duplicates per IP for 24h by design. For full verbose logging, contact support to enable per-request logging temporarily on your account.
Хотите напрямую API?
Если у вас кастомная тема или нужен API вне WordPress, смотрите руководства PHP, Node.js, Python или cURL/REST. Плагин WordPress — это лишь обёртка над /v3/openapi, /v3/antibot и /v3/account/*.