SpotBot was created for the purpose of controlling spam before it clutters up your server. Gone are the days of constant comments about Gucci bags in broken English. SpotBot not only stops spam from comments, but also stops bots from creating fake accounts or even logging in, but the fun doesn't stop there! A custom action has been built in so you can add it into any template to stop access to that page!

Change Log

v 0.1.8
  • Fixed IP Cleanup
  • all IP's set to be cleaned from DB will only be removed if the notes section is empty
  • added debug mode for easier development
  • tested and working for WP 3.7.1
v 0.1.7
  • Initial release


Download the current SpotBot zip from above.  Extract and move the resulting spotbot directory into your '/wp-content/plugins' directory.  Click install from your installed plugins menu within Wordpress.  Be sure to request an API Key from BotScout!


So how does it work?

Every task that starts or ends in WordPress starts with an action! SpotBot utilizes these actions, to gain control over who has access to your site! But how can it tell who's bad and who's good? SpotBot uses a service from BotScout to determine who the baddies are. They have allowed public access to their database through an API that SpotBot utilizes. This API access is limited though, and only allows around 300 queries to it in any 24-hour period. You could pay BotScout for more access as they're fairly cheap, but to help them keep their costs down and help you have control over your visitors, all IP's are logged to your database. Each time a returning IP is found, it checks the cache first and if nothing is found checks BotScout for more information.

It's as simple as that, SpotBot can be a set-it-and-forget-it plugin, but it can be more than that. Have a problem with a particular user that keeps making user accounts? Flag them as a bot! The harder they try, the more flags they generate and the higher they go on the bot score!

SpotBot comes with a built in search function to make finding those troublesome bots easier than ever. Don't want to save the IP in a list of trouble makers? Make a note of them in each IPs note section for easy searching. Can only remember the first 3 digits of the IP address? Search for it!


What can it do for me?

Spotbot will do anything it can to help you in your fight against spam and bots. The list below should give you a better understanding of what SpotBot can do for you.

  1. Spammers are blocked from:

    • Logging in
    • Registering
    • Requesting a Lost Password
    • Submitting Comments
    • Submitting Trackbacks

  2. Spammers are blocked in one of two ways:

    • Blocked from accessing the comment/login form on the physical site
    • Blocked from accessing the physical php files used to post comments or login

  3. The Administrator has control over:

    • Change the status of an individual IP to Human or Bot
    • Add notes to an individual IP
    • Search for a keyword in Notes or an IP address
    • The warning message that is output to blocked IP's
    • Auto-prune the database by a user defined amount in months

As you can see, SpotBot is well suited for stopping unwanted traffic before it becomes a problem. Eventually after so many failures, a bot will move on and hopefully never return. That's why I built in the auto-prune feature. When I first installed SpotBot on my personal site, the first two days produced over 200 individual IPs and each bot had several dozen hits each! From this, I saw a developing issue of sustainability from SpotBot. On one hand you want to keep as many IPs as possible, on the other hand you want to keep your database footprint small. Thus the Auto-prune feature was added! With Auto-prune enabled, you can have old IPs deleted from the database that are older than any amount of months you specify. By default, Auto-prune is disabled with a monthly setting of 6 months.

Worried that recurring IPs will be deleted? Don't, every time a bot attacks your site a new time-stamp is generated and updated to keep the most current and active bots to the top of your list! Human users are only logged once, and are generally discarded after the set monthly period. This keeps your server happy, healthy, and up-to-date


What are the cons?

Other than a few disgruntled users that surf the internet from a proxy, nothing! I suppose you could figure the extra queries add an extra .024 seconds to each page load, but isn't it worth it? Wouldn't you like a site that's low maintenance, don't you deserve it? SpotBot thinks you do!

Recent news about this project