{"id":303231,"date":"2026-04-29T13:15:30","date_gmt":"2026-04-29T13:15:30","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/voho-bot-manager\/"},"modified":"2026-04-29T13:13:51","modified_gmt":"2026-04-29T13:13:51","slug":"voho-bot-manager","status":"publish","type":"plugin","link":"https:\/\/sq.wordpress.org\/plugins\/voho-bot-manager\/","author":23484172,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.2.0","stable_tag":"trunk","tested":"6.9.4","requires":"6.2","requires_php":"7.4","requires_plugins":null,"header_name":"Voho bot manager","header_author":"Voho","header_description":"Stop OpenClaw-class AI crawlers and allied headless automation before they harvest your site: enforce HTTP 403 at the WordPress edge and stream every decision into a durable, audit-ready interception log for security and operations teams.","assets_banners_color":"","last_updated":"2026-04-29 13:13:51","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/voho.site","rating":0,"author_block_rating":0,"active_installs":0,"downloads":68,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":{"1.2.0":"<p>Tighter server-side rules for script HTTP clients; search crawlers on the allowlist stay unaffected.<\/p>","1.1.0":"<p>Re-save Permalinks once (Settings \u2192 Permalinks \u2192 Save) so the <code>\/voho-bot-forbidden\/<\/code> route works.<\/p>","1.0.5":"<p>403 responses now use a themed HTML page (and JSON for REST). Interception runs after the theme loads.<\/p>","1.0.4":"<p>Requires WordPress 6.2 or newer (identifier placeholders in database queries).<\/p>","1.0.3":"<p>Timezone-aware display for log timestamps.<\/p>"},"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":[],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Intercepted requests log table in the WordPress admin."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[563,1174,396,600,4351],"plugin_category":[54],"plugin_contributors":[261408],"plugin_business_model":[],"class_list":["post-303231","plugin","type-plugin","status-publish","hentry","plugin_tags-administration","plugin_tags-firewall","plugin_tags-privacy","plugin_tags-security","plugin_tags-utilities","plugin_category-security-and-spam-protection","plugin_contributors-voho8","plugin_committers-voho8"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/voho-bot-manager.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Voho bot manager<\/strong> hardens WordPress against the new wave of <strong>AI-driven crawlers<\/strong>\u2014including stacks associated with <strong>OpenClaw<\/strong>\u2014that attempt to scrape, snapshot, and probe your content through non-interactive, headless browsing pipelines.<\/p>\n\n<p>When a high-risk automation session is identified, the plugin <strong>terminates the request with HTTP 403<\/strong>, returns a concise English denial page, and <strong>persists structured telemetry<\/strong> (UTC timestamp, client IP, requested URL, and an intercepted flag reserved for richer policy engines) inside <code>{prefix}voho_bot_manager_intercepted_log<\/code>.<\/p>\n\n<p><strong>Operational visibility<\/strong><\/p>\n\n<ul>\n<li>Dedicated <strong>Voho Bot Manager<\/strong> admin hub with paginated history.<\/li>\n<li>Timestamps rendered in your configured WordPress timezone so responders can correlate events quickly.<\/li>\n<li><strong>View log<\/strong> shortcut on the Plugins screen for one-click access.<\/li>\n<\/ul>\n\n<p><strong>Roadmap-aware positioning:<\/strong> automated threat actors evolve weekly; Voho bot manager ships iterative detection upgrades so your perimeter keeps pace with emerging AI browsing agents without waiting for a full rewrite.<\/p>\n\n<p>OpenClaw and similar names refer to widely discussed AI browsing ecosystems; Voho bot manager is an independent security tool and is not affiliated with any third-party vendor.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>voho-bot-manager<\/code> folder to <code>\/wp-content\/plugins\/<\/code>.<\/li>\n<li>Activate <strong>Voho bot manager<\/strong> through the <strong>Plugins<\/strong> menu in WordPress.<\/li>\n<li>Open <strong>Voho Bot Manager<\/strong> in the admin sidebar (or use <strong>View log<\/strong> on the plugin row) to review intercepted requests.<\/li>\n<\/ol>\n\n<p>On activation the plugin creates the <code>{prefix}voho_bot_manager_intercepted_log<\/code> table automatically.<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20does%20this%20help%20against%20openclaw-style%20ai%20crawlers%3F\"><h3>How does this help against OpenClaw-style AI crawlers?<\/h3><\/dt>\n<dd><p>The plugin blocks the non-human automation paths these agents rely on, answers with HTTP 403, and logs each attempt so you can audit abuse, tune upstream controls, and brief stakeholders with concrete evidence.<\/p><\/dd>\n<dt id=\"will%20it%20catch%20every%20crawler%20on%20the%20internet%3F\"><h3>Will it catch every crawler on the internet?<\/h3><\/dt>\n<dd><p>No defensive layer can promise universal coverage. Voho bot manager focuses on the high-risk automation families behind modern AI scrapers and continuously expands detection as new behaviours appear.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20work%20with%20caching%20or%20cdn%20layers%3F\"><h3>Does the plugin work with caching or CDN layers?<\/h3><\/dt>\n<dd><p>If a cache or proxy serves a response without executing WordPress\/PHP for matching requests, interception must happen at that layer instead. Otherwise behaviour is unchanged.<\/p><\/dd>\n<dt id=\"what%20data%20is%20stored%3F\"><h3>What data is stored?<\/h3><\/dt>\n<dd><p>Each intercepted request stores UTC time, client IP (or the first value from <code>X-Forwarded-For<\/code> when present), full requested URL, and a boolean intercepted flag.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>Server-side blocking uses automation User-Agent patterns (e.g. python-requests, Go-http-client, curl, HeadlessChrome) while allowlisting common search\/index crawlers (Google, Bing, Yandex, Baidu, etc.). Filters: <code>voho_bot_manager_search_bot_allowlist<\/code>, <code>voho_bot_manager_automation_ua_patterns<\/code>, <code>voho_bot_manager_should_block_request<\/code>.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Split codebase into <code>includes\/<\/code> for maintainability; forbidden HTML lives in <code>templates\/forbidden.php<\/code>.<\/li>\n<li>Public forbidden screen at <code>\/voho-bot-forbidden\/<\/code> (flush permalinks after update) with plain-URL fallback.<\/li>\n<li>Front-end script <code>assets\/js\/bot-check.js<\/code> detects common automation signals in the browser and redirects to the forbidden screen (logged when <code>voho_js=1<\/code>).<\/li>\n<\/ul>\n\n<h4>1.0.5<\/h4>\n\n<ul>\n<li>Themed HTTP 403 page: loads the active (and parent, if child) theme stylesheet, uses block-theme CSS variables when present, and returns JSON errors for REST\/JSON requests.<\/li>\n<\/ul>\n\n<h4>1.0.4<\/h4>\n\n<ul>\n<li>Harden input handling (<code>wp_unslash<\/code>, sanitization), use <code>wpdb::prepare()<\/code> identifier placeholders for custom table queries, and document direct DB usage for Plugin Check.<\/li>\n<\/ul>\n\n<h4>1.0.3<\/h4>\n\n<ul>\n<li>Show log timestamps in the site timezone with an explanatory note.<\/li>\n<\/ul>\n\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Top-level admin menu and <strong>View log<\/strong> plugin action link.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Admin log viewer with pagination.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release: AI crawler mitigation, HTTP 403 enforcement, database log on activation.<\/li>\n<\/ul>","raw_excerpt":"Stop OpenClaw-class AI crawlers and allied headless automation: enforce HTTP 403 and keep an auditable interception log in WordPress.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/sq.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/303231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sq.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/sq.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/sq.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=303231"}],"author":[{"embeddable":true,"href":"https:\/\/sq.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/voho8"}],"wp:attachment":[{"href":"https:\/\/sq.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=303231"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/sq.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=303231"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/sq.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=303231"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/sq.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=303231"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/sq.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=303231"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/sq.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=303231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}