{"id":278592,"date":"2026-03-14T01:02:47","date_gmt":"2026-03-14T01:02:47","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/ai-scraper-blocker\/"},"modified":"2026-03-14T01:02:17","modified_gmt":"2026-03-14T01:02:17","slug":"scraperguard","status":"publish","type":"plugin","link":"https:\/\/pcd.wordpress.org\/plugins\/scraperguard\/","author":20972668,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.0","stable_tag":"1.0.0","tested":"6.9.4","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"ScraperGuard - AI Scraper Blocker","header_author":"kneet","header_description":"Block AI scrapers by User-Agent. Optional Apache .htaccess rules and WordPress-level blocking with basic stats.","assets_banners_color":"","last_updated":"2026-03-14 01:02:17","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/profiles.wordpress.org\/kneet\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":153,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"kneet","date":"2026-03-14 01:02:17"}},"upgrade_notice":{"1.0.0":"<p>Initial release. Block AI scrapers by User-Agent with optional .htaccess or WordPress-level blocking.<\/p>"},"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2353,4866,1329,7677,5128],"plugin_category":[],"plugin_contributors":[226711],"plugin_business_model":[],"class_list":["post-278592","plugin","type-plugin","status-publish","hentry","plugin_tags-ai","plugin_tags-bots","plugin_tags-htaccess","plugin_tags-scraper","plugin_tags-user-agent","plugin_contributors-kneet","plugin_committers-kneet"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/scraperguard.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>ScraperGuard helps you block known AI scrapers (often called \u201cgood bots\u201d) by matching their User-Agent string.<\/p>\n\n<p>You can:<\/p>\n\n<ul>\n<li>Select specific bots to block, or block all known bots.<\/li>\n<li>Add your own custom User-Agent substrings (one per line).<\/li>\n<li>Block via Apache <code>.htaccess<\/code> (fast, before WordPress loads) <strong>or<\/strong> via WordPress-level blocking (can show basic stats).<\/li>\n<\/ul>\n\n<p>Important notes:<\/p>\n\n<ul>\n<li>This plugin can block \u201cgood bots\u201d that identify themselves. It cannot stop \u201cbad bots\u201d that ignore rules and\/or spoof User-Agents. For that you may need additional security measures (WAF, rate limiting, bot protection).<\/li>\n<li><code>.htaccess<\/code> blocking works on Apache hosting only, and requires a writable <code>.htaccess<\/code> file.<\/li>\n<li>WordPress-level blocking only affects requests that reach WordPress (it won\u2019t block direct hits to static files unless they route through WordPress).<\/li>\n<li>Country blocking (geo blocking) can use a country header (fast) or an IP lookup (works without Cloudflare but is slower).<\/li>\n<\/ul>\n\n<p>The settings page is under <strong>Tools \u2192 ScraperGuard<\/strong>.<\/p>\n\n<h3>External Services<\/h3>\n\n<p>This plugin can optionally connect to third-party IP geolocation services to determine the visitor's country for country-based blocking. This feature is <strong>disabled by default<\/strong> and only activates when you explicitly enable \"Country blocking\" in the settings.<\/p>\n\n<p><strong>When country blocking is enabled and the \"Country detection method\" is set to \"Auto\" or \"IP lookup\":<\/strong><\/p>\n\n<ul>\n<li><strong>Service used<\/strong>: The plugin uses either ipwho.is or ipapi.co (configurable in settings)<\/li>\n<li><strong>Data sent<\/strong>: The visitor's IP address is sent to the selected service<\/li>\n<li><strong>When data is sent<\/strong>: Only when a request is received and no country header is available from your server\/proxy<\/li>\n<li><strong>Purpose<\/strong>: To determine the visitor's country code (ISO-2) for geo-blocking<\/li>\n<li><strong>Caching<\/strong>: Results are cached locally for 24 hours by default (configurable 1-168 hours) to minimize requests<\/li>\n<li><strong>Privacy<\/strong>: IP addresses are sent to external services. Ensure compliance with your privacy policy and local regulations.<\/li>\n<\/ul>\n\n<p><strong>ipwho.is (default provider):<\/strong>\n* Service provider: ipwho.is\n* Privacy policy: https:\/\/ipwho.is\/\n* Terms of service: https:\/\/ipwho.is\/\n* No API key required<\/p>\n\n<p><strong>ipapi.co (alternative provider):<\/strong>\n* Service provider: ipapi.co\n* Privacy policy: https:\/\/ipapi.co\/privacy\/\n* Terms of service: https:\/\/ipapi.co\/terms\/\n* No API key required for basic usage<\/p>\n\n<p><strong>Important<\/strong>: If you keep the \"Country detection method\" set to \"Header only\" (the default), or if you don't enable country blocking at all, no data is sent to external services.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the folder <code>scraperguard<\/code> to your <code>\/wp-content\/plugins\/<\/code> directory.<\/li>\n<li>Activate the plugin in WordPress.<\/li>\n<li>Go to <strong>Tools \u2192 ScraperGuard<\/strong>.<\/li>\n<li>Choose which bots you want to block (or \u201cblock all known bots\u201d).<\/li>\n<li>Pick your blocking method:\n\n<ul>\n<li>Enable Apache <code>.htaccess<\/code> blocking (fastest) if your host supports it, and\/or<\/li>\n<li>Enable WordPress-level blocking (for basic stats).<\/li>\n<\/ul><\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"can%20i%20block%20all%20ai%20scrapers%20at%20once%3F\"><h3>Can I block all AI scrapers at once?<\/h3><\/dt>\n<dd><p>Yes. Enable \u201cBlock all known AI\/archiver bots\u201d.<\/p><\/dd>\n<dt id=\"will%20this%20stop%20malicious%20bots%3F\"><h3>Will this stop malicious bots?<\/h3><\/dt>\n<dd><p>Not reliably. \u201cBad bots\u201d may ignore robots.txt and can spoof User-Agent strings. Consider a WAF, rate limiting, login protection, and server-side security rules.<\/p><\/dd>\n<dt id=\"can%20i%20block%20whole%20countries%3F\"><h3>Can I block whole countries?<\/h3><\/dt>\n<dd><p>Sometimes. The plugin supports optional country blocking at WordPress level. For best results, set \u201cCountry detection method\u201d to \u201cAuto\u201d or \u201cIP lookup\u201d. Note that IP lookup needs outbound HTTPS from your server and may have privacy implications.<\/p><\/dd>\n<dt id=\"does%20%60.htaccess%60%20mode%20work%20on%20every%20host%3F\"><h3>Does `.htaccess` mode work on every host?<\/h3><\/dt>\n<dd><p>No. It requires Apache + <code>AllowOverride<\/code> + a writable <code>.htaccess<\/code>. On Nginx, <code>.htaccess<\/code> is ignored; use WordPress-level blocking or configure your server rules manually.<\/p><\/dd>\n<dt id=\"why%20don%E2%80%99t%20the%20stats%20include%20%60.htaccess%60%20blocks%3F\"><h3>Why don\u2019t the stats include `.htaccess` blocks?<\/h3><\/dt>\n<dd><p>Because <code>.htaccess<\/code> blocks requests before WordPress runs. WordPress cannot count requests it never sees. Use your server logs for that.<\/p><\/dd>\n<dt id=\"can%20i%20see%20traffic%20%2F%20blocks%20in%20a%20graph%3F\"><h3>Can I see traffic \/ blocks in a graph?<\/h3><\/dt>\n<dd><p>The plugin includes a simple \u201clast 14 days\u201d bar overview and a small table for WordPress-level blocks. For accurate totals (including <code>.htaccess<\/code> blocks), use server logs or analytics.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Block \u201cgood bots\u201d (AI scrapers) by User-Agent. Optional Apache .htaccess rules and WordPress-level blocking with basic stats.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/278592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=278592"}],"author":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/kneet"}],"wp:attachment":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=278592"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=278592"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=278592"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=278592"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=278592"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=278592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}