{"id":273974,"date":"2026-01-12T19:32:35","date_gmt":"2026-01-12T19:32:35","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/zero-budget-bot-shield\/"},"modified":"2026-01-14T22:48:30","modified_gmt":"2026-01-14T22:48:30","slug":"zero-budget-bot-shield","status":"publish","type":"plugin","link":"https:\/\/cn.wordpress.org\/plugins\/zero-budget-bot-shield\/","author":16986154,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.2","stable_tag":"1.0.2","tested":"6.9.4","requires":"4.7","requires_php":"7.4","requires_plugins":null,"header_name":"Zero Budget Bot Shield","header_author":"WP Natives","header_description":"Free, lightweight geo-based bot blocking and 404 abuse protection.","assets_banners_color":"b4aea2","last_updated":"2026-01-14 22:48:30","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/wpnatives.com","header_plugin_uri":"https:\/\/app.wpnatives.com\/zero-budget-bot-shield-lightweight-country-blocking-and-404-abuse-protection-for-wordpress\/","header_author_uri":"https:\/\/wpnatives.com","rating":0,"author_block_rating":0,"active_installs":20,"downloads":192,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.1":{"tag":"1.0.1","author":"wppropress","date":"2026-01-12 19:31:23"},"1.0.2":{"tag":"1.0.2","author":"wppropress","date":"2026-01-14 22:48:30"}},"upgrade_notice":{"1.0.1":"<p>Added option to clear stats= 1.0.2 =\nHardened GeoIP country detection with strict ISO-3166 alpha-2 allow-list validation.\nAdded defensive limits to block statistics storage to prevent unbounded option growth.\nIntroduced per-request static caching for GeoIP country lookups to reduce repeated header parsing.\nImproved compatibility across hosting environments by safely checking multiple server, environment, and header sources.\nMaintained full WordPress.org coding standards compliance.\nNo external services, no remote requests, and no IP address storage introduced.\nExisting blocked country configurations continue to work without modification.\nNo breaking changes to existing settings or stored options.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3438116,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3438116,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500-rtl.png":{"filename":"banner-1544x500-rtl.png","revision":3438116,"resolution":"1544x500","location":"assets","locale":""},"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3438116,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250-rtl.png":{"filename":"banner-772x250-rtl.png","revision":3438116,"resolution":"772x250","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3438116,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.1","1.0.2"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3438116,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3438116,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3438116,"resolution":"3","location":"assets","locale":""}},"screenshots":{"1":"Admin settings page showing blocked countries and geo-blocking status.","2":"Green status box when geo-blocking is active.","3":"Yellow status box when geo-blocking is inactive."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[253840,4866,1174,242487,600],"plugin_category":[54],"plugin_contributors":[248618],"plugin_business_model":[],"class_list":["post-273974","plugin","type-plugin","status-publish","hentry","plugin_tags-404-protection","plugin_tags-bots","plugin_tags-firewall","plugin_tags-geo-blocking","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-wppropress","plugin_committers-wppropress"],"banners":{"banner":"https:\/\/ps.w.org\/zero-budget-bot-shield\/assets\/banner-772x250.png?rev=3438116","banner_2x":"https:\/\/ps.w.org\/zero-budget-bot-shield\/assets\/banner-1544x500.png?rev=3438116","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/zero-budget-bot-shield\/assets\/icon-128x128.png?rev=3438116","icon_2x":"https:\/\/ps.w.org\/zero-budget-bot-shield\/assets\/icon-256x256.png?rev=3438116","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/zero-budget-bot-shield\/assets\/screenshot-1.png?rev=3438116","caption":"Admin settings page showing blocked countries and geo-blocking status."},{"src":"https:\/\/ps.w.org\/zero-budget-bot-shield\/assets\/screenshot-2.png?rev=3438116","caption":"Green status box when geo-blocking is active."},{"src":"https:\/\/ps.w.org\/zero-budget-bot-shield\/assets\/screenshot-3.png?rev=3438116","caption":"Yellow status box when geo-blocking is inactive."}],"raw_content":"<!--section=description-->\n<p>Zero Budget Bot Shield is a WordPress security plugin that provides country blocking and 404 abuse protection without using external APIs or services<\/p>\n\n<h3>Country Blocking Without External APIs<\/h3>\n\n<p>Most geo-blocking plugins depend on third-party IP lookup services.\nZero Budget Bot Shield does not.<\/p>\n\n<p>Instead, it reads country codes directly from:<\/p>\n\n<ul>\n\n<li>Cloudflare IP country headers<\/li>\n\n <li>Hosting provider GeoIP headers<\/li>\n\n <li>Standard server-level GeoIP integrations<\/li>\n<\/ul>\n\n<p>This means:<\/p>\n\n<ul>\n\n <li>No API keys<\/li>\n\n <li>No outbound IP lookups<\/li>\n\n <li>No visitor data sent to external services<\/li>\n\n <li>No privacy policy complexity<\/li>\n\n<\/ul>\n\n<h3>Features<\/h3>\n\n<p>All features are available out of the box, with nothing locked behind a paywall.<\/p>\n\n<ul>\n    <li>Country blocking using server-level GeoIP headers<\/li>\n    <li>No external APIs, IP databases, or paid services<\/li>\n    <li>Automatic detection and blocking of 404 abuse<\/li>\n    <li>Configurable rate limits and time windows<\/li>\n    <li>Admin dashboard with statistics and event logs<\/li>\n    <li>Exportable logs for auditing and analysis<\/li>\n    <li>Native WordPress admin interface<\/li>\n    <li>No front-end scripts or styles<\/li>\n    <li>Fully self-contained and privacy-friendly<\/li>\n<\/ul>\n\n<h3>How It Works<\/h3>\n\n<p>\nZero Budget Bot Shield uses country codes provided by your server environment, such as:\n<\/p>\n\n<ul>\n    <li>Cloudflare IP country headers<\/li>\n    <li>Hosting provider GeoIP integrations<\/li>\n    <li>Standard server-level GeoIP modules<\/li>\n<\/ul>\n\n<p>\nNo outbound IP lookups are performed, and no visitor data is sent outside your WordPress installation.\n<\/p>\n\n<p>\nFor 404 protection, the plugin monitors repeated not-found responses per IP address and automatically applies temporary blocks when thresholds are exceeded.\n<\/p>\n\n<h3>Privacy and Performance<\/h3>\n\n<ul>\n    <li>No user tracking<\/li>\n    <li>No storage of personally identifiable information<\/li>\n    <li>No external API calls or SaaS dependencies<\/li>\n    <li>No background cron jobs<\/li>\n    <li>No performance impact on normal visitors<\/li>\n<\/ul>\n\n<p>\nAll processing happens locally using infrastructure you already control.\n<\/p>\n\n<h3>Recommended For<\/h3>\n\n<ul>\n    <li>Small businesses and personal websites<\/li>\n    <li>Non-profits and educational institutions<\/li>\n    <li>Shared hosting environments<\/li>\n    <li>Developers who want simple, dependency-free protection<\/li>\n    <li>Sites that require country blocking without paid services<\/li>\n<\/ul>\n\n<h3>About WPNatives<\/h3>\n\n<p>WPNatives develops practical, security-focused tools for WordPress site owners who value stability, performance, and transparency.<\/p>\n\n<p>Our plugins are designed to be lightweight, self-contained, and standards-compliant, with a focus on protecting WordPress sites without introducing unnecessary complexity, external dependencies, or recurring costs. We prioritize clean code, predictable behavior, and compatibility with common hosting environments.<\/p>\n\n<p>Our goal is to help individuals, nonprofits, small businesses, and agencies improve their site security and resilience using solutions that are easy to understand and maintain.<\/p>\n\n<p>Learn more at <a href=\"https:\/\/wpnatives.com\">wpnatives.com<\/a> and explore our latest plugins, guides, and support resources.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>zero-budget-bot-shield<\/code> folder to the <code>\/wp-content\/plugins\/<\/code> directory.<\/li>\n<li>Activate the plugin through the 'Plugins' menu in WordPress.<\/li>\n<li>Navigate to <strong>Settings &gt; Bot Shield<\/strong>.<\/li>\n<li>Select countries to block. Geo-blocking requires either Cloudflare free plan or host-provided GeoIP headers.<\/li>\n<li>Save changes.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='does%20this%20plugin%20block%20countries%20without%20using%20third-party%20apis%3F'><h3>Does this plugin block countries without using third-party APIs?<\/h3><\/dt>\n<dd><p><strong>Yes.<\/strong> Zero Budget Bot Shield blocks countries <em>without<\/em> using any third-party IP lookup or geolocation API.<\/p>\n\n<p>The plugin reads country codes directly from GeoIP headers already provided by your infrastructure, such as:<\/p>\n\n<ul> <li>Cloudflare IP country headers<\/li> <li>Hosting provider GeoIP headers<\/li> <li>Server-level GeoIP integrations<\/li> <\/ul>\n\n<p>No external requests are made, and no visitor IP addresses are sent outside your website.<\/p><\/dd>\n<dt id='does%20zero%20budget%20bot%20shield%20work%20with%20cloudflare%3F'><h3>Does Zero Budget Bot Shield work with Cloudflare?<\/h3><\/dt>\n<dd><p>Yes. If your site is behind Cloudflare, the plugin automatically uses Cloudflare\u2019s country header to detect visitor location.<\/p>\n\n<p>There is no additional configuration required beyond having Cloudflare enabled on your domain.<\/p><\/dd>\n<dt id='will%20this%20plugin%20work%20without%20cloudflare%3F'><h3>Will this plugin work without Cloudflare?<\/h3><\/dt>\n<dd><p>Yes, provided your hosting environment supplies GeoIP country headers.<\/p>\n\n<p>Many managed WordPress hosts and VPS setups already expose these headers at the server level. If no GeoIP headers are detected, the plugin will clearly notify you in the admin dashboard.<\/p><\/dd>\n<dt id='what%20happens%20if%20geoip%20headers%20are%20not%20available%3F'><h3>What happens if GeoIP headers are not available?<\/h3><\/dt>\n<dd><p>If GeoIP headers are not present, country-based blocking will not activate. However:<\/p>\n\n<ul> <li>404 abuse protection will continue to function normally<\/li> <li>No errors or site breakage will occur<\/li> <li>The plugin will display a clear status notice in the admin panel<\/li> <\/ul>\n\n<p>This ensures safe operation even on minimal hosting setups.<\/p><\/dd>\n<dt id='what%20is%20404%20abuse%20protection%20and%20how%20does%20it%20work%3F'><h3>What is 404 abuse protection and how does it work?<\/h3><\/dt>\n<dd><p>404 abuse protection defends your site against bots that repeatedly request non-existent URLs.<\/p>\n\n<p>Zero Budget Bot Shield monitors repeated 404 responses per IP and automatically blocks abusive requests when configurable thresholds are exceeded.<\/p>\n\n<p>This helps reduce:<\/p>\n\n<ul> <li>Unnecessary server load<\/li> <li>Log pollution<\/li> <li>Bot-driven crawling and probing<\/li> <\/ul><\/dd>\n<dt id='can%20i%20control%20the%20404%20block%20limits%3F'><h3>Can I control the 404 block limits?<\/h3><\/dt>\n<dd><p>Yes. You can configure:<\/p>\n\n<ul> <li>Maximum allowed 404 requests<\/li> <li>Time window for detection<\/li> <\/ul>\n\n<p>These settings allow you to tune protection based on your traffic patterns.<\/p><\/dd>\n<dt id='is%20this%20plugin%20lightweight%20and%20low%20on%20resources%3F'><h3>Is this plugin lightweight and low on resources?<\/h3><\/dt>\n<dd><p>Absolutely. Zero Budget Bot Shield is designed for minimal resource usage.<\/p>\n\n<p>It does not:<\/p>\n\n<ul> <li>Load front-end scripts or styles<\/li> <li>Run background cron jobs<\/li> <li>Query external services<\/li> <li>Use heavy JavaScript frameworks<\/li> <\/ul>\n\n<p>All logic executes only when relevant requests occur.<\/p><\/dd>\n<dt id='does%20this%20plugin%20slow%20down%20my%20website%3F'><h3>Does this plugin slow down my website?<\/h3><\/dt>\n<dd><p>No. When configured correctly, the plugin adds negligible overhead.<\/p>\n\n<p>Because it relies on existing request headers and simple conditional logic, performance impact is minimal compared to API-based security plugins.<\/p><\/dd>\n<dt id='does%20this%20plugin%20log%20visitor%20ip%20addresses%3F'><h3>Does this plugin log visitor IP addresses?<\/h3><\/dt>\n<dd><p>No personal data is stored.<\/p>\n\n<p>The plugin records aggregated block statistics by country and reason only. Individual IP addresses are not logged, stored, or exported.<\/p>\n\n<p>This makes the plugin suitable for privacy-conscious sites.<\/p><\/dd>\n<dt id='is%20zero%20budget%20bot%20shield%20gdpr-friendly%3F'><h3>Is Zero Budget Bot Shield GDPR-friendly?<\/h3><\/dt>\n<dd><p>Yes. Because no personal data is transmitted to third-party services and no IP addresses are stored, the plugin aligns well with privacy regulations such as GDPR.<\/p>\n\n<p>Always consult your legal advisor for compliance requirements specific to your site.<\/p><\/dd>\n<dt id='are%20any%20features%20locked%20behind%20a%20paywall%3F'><h3>Are any features locked behind a paywall?<\/h3><\/dt>\n<dd><p>No.<\/p>\n\n<p>Zero Budget Bot Shield is completely free. All features are included, enabled, and usable without:<\/p>\n\n<ul> <li>Subscriptions<\/li> <li>Licenses<\/li> <li>Upgrade prompts<\/li> <li>Hidden limitations<\/li> <\/ul><\/dd>\n<dt id='does%20this%20plugin%20require%20an%20api%20key%3F'><h3>Does this plugin require an API key?<\/h3><\/dt>\n<dd><p>No API keys are required. This plugin does not connect to external services and does not transmit visitor data off-site.<\/p>\n\n<p>There are no accounts to create, no services to sign up for, and no usage quotas.<\/p><\/dd>\n<dt id='can%20i%20export%20block%20statistics%3F'><h3>Can I export block statistics?<\/h3><\/dt>\n<dd><p>Yes. Blocked event statistics can be exported as a CSV file directly from the WordPress admin area for reporting or analysis.<\/p><\/dd>\n<dt id='is%20this%20plugin%20safe%20to%20use%20on%20shared%20hosting%3F'><h3>Is this plugin safe to use on shared hosting?<\/h3><\/dt>\n<dd><p>Yes. The plugin is well-suited for shared hosting environments due to its low resource usage and absence of background processes.<\/p><\/dd>\n<dt id='does%20this%20plugin%20follow%20wordpress.org%20coding%20standards%3F'><h3>Does this plugin follow WordPress.org coding standards?<\/h3><\/dt>\n<dd><p>Yes. Zero Budget Bot Shield:<\/p>\n\n<ul> <li>Uses WordPress Settings API<\/li> <li>Uses nonces and capability checks<\/li> <li>Avoids bundled third-party libraries<\/li> <li>Follows WordPress.org plugin review guidelines<\/li> <\/ul><\/dd>\n<dt id='who%20is%20this%20plugin%20best%20suited%20for%3F'><h3>Who is this plugin best suited for?<\/h3><\/dt>\n<dd><p>This plugin is ideal for:<\/p>\n\n<ul> <li>Small businesses<\/li> <li>Non-profits and community organizations<\/li> <li>Personal websites and blogs<\/li> <li>Developers who prefer self-contained tools<\/li> <li>Sites needing geo blocking without paid services<\/li> <\/ul><\/dd>\n<dt id='how%20do%20i%20enable%20geoip%20country%20detection%20on%20my%20server%3F'><h3>How do I enable GeoIP country detection on my server?<\/h3><\/dt>\n<dd><p>Zero Budget Bot Shield relies on GeoIP country headers provided by your web server or CDN. Many modern hosting providers already enable GeoIP by default, so no action is required in most cases.<\/p>\n\n<p>If GeoIP headers are not detected, and your host supports Apache GeoIP or GeoIP2, you may be able to enable it by adding a simple directive to your .htaccess file.<\/p>\n\n<p><strong>GeoIPEnable On<\/strong><\/p>\n\n<p>After saving the file, refresh your WordPress admin page and revisit the plugin settings. If GeoIP headers are available, the plugin will automatically begin detecting visitor countries.<\/p>\n\n<p>Important notes:<\/p>\n\n<ul>\n<li>Not all hosting environments support GeoIP via .htaccess<\/li> \n\n<li>Some managed hosts enable GeoIP globally and do not allow manual configuration<\/li> \n\n<li>If you are unsure, contact your hosting provider and ask whether GeoIP or GeoIP2 headers are enabled<\/li> \n\n<li>If you are using Cloudflare, GeoIP headers are enabled automatically on supported plans<\/li> \n\n<li>The plugin will clearly indicate in the admin area whether GeoIP headers are detected, so you always know if country-based blocking is active.<\/li> \n<\/ul><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<\/ul>","raw_excerpt":"Free, lightweight WordPress plugin that blocks bots by country and prevents abuse via repeated 404 errors. Perfect for small organizations.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/273974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=273974"}],"author":[{"embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/wppropress"}],"wp:attachment":[{"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=273974"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=273974"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=273974"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=273974"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=273974"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/cn.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=273974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}