Description
Add your own virtual black hole trap for bad bots.
-
Easy to set up -
Squeaky clean code -
Focused and modular -
Lightweight, fast and flexible -
Built with the WordPress API -
Works with other security plugins -
Easy to reset the list of bad bots -
Easy to delete any bot from the list -
Regularly updated and “future proof” -
Blackhole link includes “nofollow” attribute -
Plugin options configurable via settings screen -
Works silently behind the scenes to protect your site -
Whitelists all major search engines to never block -
Focused on flexibility, performance, and security -
Email alerts with WHOIS lookup for blocked bots -
Complete inline documentation via the Help tab -
Provides setting to whitelist any IP addresses -
Customize the message displayed to bad bots 😉 -
One-click restore the plugin default options -
Does NOT use or require any .htaccess rules
-
AOL.com -
Baidu -
Bingbot/MSN -
DuckDuckGo -
Googlebot -
Teoma -
Yahoo! -
Yandex
-
The Tao of WordPress -
Digging into WordPress -
.htaccess made easy -
WordPress Themes In Depth -
Wizard’s SQL Recipes for WordPress
-
BBQ Pro – Super fast WordPress firewall -
Blackhole Pro – Automatically block bad bots -
Banhammer Pro – Monitor traffic and ban the bad guys -
GA Google Analytics Pro – Connect WordPress to Google Analytics -
Simple Ajax Chat Pro – Unlimited chat rooms -
USP Pro – Unlimited front-end forms
Screenshots
Installation
-
Upload the Blackhole plugin to your blog and activate -
Visit the Blackhole Settings and copy the Robots Rules -
Add the Robots Rules to your site’s robots.txt file (see note)* -
Configure the Blackhole Settings as desired and done
-
Your site has a physical robots.txt file that you can see on the server. In this case, you need to add the required rules manually. -
OR, your site is using the dynamic/virtual WP-generated robots.txt file, and there is no physical robots.txt file on your server. In this case, the plugin adds the required rules automatically. You do not need to add anything manually.
-
You want to use your own physical robots.txt file that you can view and edit on the server. In this case, follow the steps below to create your site’s robots.txt file. -
OR, you want to use the dynamic/virtual WP-generated robots.txt file, such that there is no physical robots.txt file on your server. In this case, you don’t need to do anything, because WordPress automatically generates a robots.txt file when requested.
-
Add a blank plain-text file to the root directory of your site -
Name the text file robots.txt and upload to your server
https://example.com/robots.txt
-
Learn more about robots.txt -
Validate your robots.txt file -
Validate robots.txt in Google Webmaster Tools -
Google Robots.txt Specifications -
How to Create a robots.txt file
-
Robots.txt Validator -
Robots txt File Checker -
Robots.txt Checker -
Robots.txt Test Tool -
Robots.txt Test
<a rel="nofollow" style="display:none" href=" https://example.com/?blackhole=1234567890 " title="Do NOT follow this link or you will be banned from the site! ">Name of Your Website</a>
-
Make sure you’ve set up according to the docs above -
New(er) websites may not get a lot of bad bot traffic -
Sites with low traffic may not get a lot of bad bots -
Check if you are using any other bot-blocking plugins -
Not all websites (even popular ones) get tons of bots -
Blackhole will not work if you have page caching on site -
If in doubt, you can test if the plugin is working (see previous section above)
-
Whitelist Bots -
Whitelist IPs
a6-indexer, adsbot-google, ahrefsbot, aolbuild, apis-google, baidu, bingbot, bingpreview, butterfly, cloudflare, chrome, duckduckgo, embedly, facebookexternalhit, facebot, google page speed, googlebot, ia_archiver, linkedinbot, mediapartners-google, msnbot, netcraftsurvey, outbrain, pinterest, quora, rogerbot, showyoubot, slackbot, slurp, sogou, t eoma, tweetmemebot, twitterbot, uptimerobot, urlresolver, vkshare, w3c_validator, wordpress, wp rocket, yandex
123.456.
blackhole_options blackhole_badbots blackhole_get_options blackhole_get_badbots blackhole_log_data blackhole_trigger blackhole_vars blackhole_log blackhole_ip_keys blackhole_alert_name blackhole_alert_subject blackhole_alert_message blackhole_alert_headers blackhole_needle blackhole_message_default blackhole_message_custom blackhole_message_nothing blackhole_ignore_loggedin blackhole_ignore_backend blackhole_ignore_login blackhole_block_status blackhole_block_protocol blackhole_block_connection blackhole_ip_filter blackhole_validate_ip_log blackhole_settings_contextual_help blackhole_badbots_contextual_help
-
Warning Message – Displayed when bots follow the blackhole trigger -
Blocked Message – Displayed for all requests made by blocked bots
-
Copy blackhole-template.php from the plugin’s /inc/ directory -
Paste the file into your theme template, for example: /wp-content/my-awesome-theme/blackhole-template.php -
Customize any of the markup between “BEGIN TEMPLATE” and “END TEMPLATE” -
Upload to your server and done
delete_option('bbb_options'); delete_option('bbb_badbots');
FAQ
-
Do you offer any other security plugins? -
Yes, three of them: -
BBQ Firewall for super-fast firewall security -
Blackhole for Bad Bots to protect your site against bad bots -
Banhammer to monitor and ban any user or IP address
Pro versions with more features available at Plugin Planet . -
-
How is this plugin different than a firewall? -
Blackhole uses its own “smart bot technology” that only blocks bots if they have demonstrated bad behavior. Firewalls typically are “static” and block requests based on a predefined set of patterns. That means that firewalls sometimes block legitimate visitors. Blackhole never blocks regular visitors, and only it blocks bots that disobey your site’s robots.txt rules. So the rate of false positives is close to zero. -
The trigger link is not appearing in the source code? -
In order for the plugin to add the trigger link to your pages, your theme must include the template tag, wp_footer() . This is a recommended tag for all WordPress themes, so your theme should include it. If not, you can either add it yourself or contact the theme developer and ask for help. Here is more information about wp_footer() . Once the footer tag is included, the plugin will be able to add the trigger link to your pages. -
Will this block good bots like Google and Bing? -
No. Never. All the major search engine bots are whitelisted and will never be blocked. Unless you remove them from the whitelist setting, which is not recommended. -
I think the plugin is blocking Chrome, Firefox, etc.? -
Impossible because the plugin never blocks by user agent. It only blocks by IP address. No other criteria are used to block anything. -
How to add bots to the Blackhole manually? -
Question: Is it possible to block some bots by just adding them to blocked list and deny them Access to my website? Answer: Not possible with the free version, but the Pro version includes an easy way to add bots manually (via the Bad Bots Log). -
How do I add other bots to the whitelist? -
Visit the plugin settings and add to the list. -
How do I reset the list of blocked bots? -
Visit the plugin settings and click the button. -
How do I delete the example/default bot from the log? -
Not possible with the free version, but can do with the Pro version . -
How can I disable the email alerts? -
Visit the plugin settings and click the button. -
Is there a standalone version of the Blackhole? -
Yes. Visit Perishable Press to download a PHP-based version that does not require WordPress. -
Is there a Pro version of Blackhole? -
Yes, the Pro version is available at Plugin Planet. -
Is Multisite supported? -
Not yet, but it’s on the to-do list. -
Which IP address are added by default? -
Your server IP address and your local (home) IP address (or whichever IP you are using when the plugin is installed). -
Can I manually include the blackhole link? -
Yes, you can add the following code anywhere in your theme template: <? php if (function_exists('blackhole_trigger')) blackhole_trigger(); ?> -
Should whitelisted bots contain exact names? -
Question: Should whitelisted bots contain exact names, or can I just use partial names? Answer: You can use partial names or full names, depending on how specific you would like to be with blocking. If you look at the default whitelisted bot strings, you will see that they are just portions of the full user agent. So for example you can block all bots that include the string “whateverbot” by including that string in the whitelist setting. It makes it easier to block bots, but you have to be careful about false positives. -
By default, WordPress will automatically serve a hidden, “virtual” robots.txt file to anything that requests it. Once you add your own “real” robots.txt file, WordPress will stop generating the virtual one. So when it comes to WordPress and robots.txt, real trumps virtual. Blackhole Pro requires that you add some rules to an actual robots.txt file, but it does not create/add any robots rules or the robots.txt file for you. Check out the plugin’s Help tab for more infos. -
Which WP caching plugins are compatible with Blackhole? -
Check out the section on “Caching Plugins” in the plugin documentation -
Does Blackhole clean up after itself? -
Yes! As explained in the “Uninstalling” section in the plugin documentation , when Blackhole is uninstalled via the Plugins screen, it removes everything from the database. After uninstalling, don’t forget to remove the blackhole rules from your robots.txt file. Then there will be zero trace of the plugin on your site. -
How to disable the hostname lookup? -
By default, the plugin uses PHP’s gethostbyaddr() function to lookup the host name for blocked requests. This is fine on most servers but some may experience slight reduced performance. So for those who may need it, the following code snippet can be added to disable the host lookup: function blackhole_enable_host_check() { return false; } add_filter('blackhole_enable_host_check', 'blackhole_enable_host_check'); That code can be added via your theme (or child theme) functions.php, or add via custom plugin . -
How to disable the error log entries? -
By default the plugin adds an entry in the site error log for any invalid IP address. To disable this feature, add the following code snippet to your (child) theme’s functions file, or add via custom plugin : function blackhole_validate_ip_log_custom($log, $ip) { return ''; } add_filter('blackhole_validate_ip_log', 'blackhole_validate_ip_log_custom', 10, 2); -
How to enable Blackhole protection on Login Page? -
By default, Blackhole never blocks anything on the WP Login Page. This is to prevent new users from accidentally getting locked out of their site. To change the default behavior, and add Blackhole protection to the Login Page, add the following code to theme or child theme’s functions.php, or add via custom plugin : function blackhole_ignore_login($ignore) { return false; } add_filter('blackhole_ignore_login', 'blackhole_ignore_login'); If you get locked out inadvertently, simply remove the code and the Login Page will be accessible once again. -
How to prevent automatic robots.txt rules? -
By default, Blackhole will automatically add the required rules to your site’s robots.txt file. This happens only when using WordPress’ auto-generated robots.txt file. So if you would rather add the rules yourself, and not have Blackhole make any changes to robots.txt, simply add a physical robots.txt file instead of using the one that otherwise would be generated by WordPress. When an actual/physical robots.txt file exists in your site’s root directory, WordPress will not auto-generate one, and thus Blackhole will not add any rules or make any changes. -
Got a question? -
Send any questions or feedback via my contact form
Reviews
Contributors & Developers
Interested in development?
Changelog
-
Updates/synchronizes plugin settings page -
Updates default translation template -
Improves plugin docs/readme.txt -
Tests on WordPress 6.5 (beta)