{"id":280303,"date":"2026-03-18T16:26:00","date_gmt":"2026-03-18T16:26:00","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/baskerville\/"},"modified":"2026-04-03T11:17:59","modified_gmt":"2026-04-03T11:17:59","slug":"baskerville-ai-security","status":"publish","type":"plugin","link":"https:\/\/pt-ao.wordpress.org\/plugins\/baskerville-ai-security\/","author":23410610,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.3","stable_tag":"1.0.3","tested":"6.9.4","requires":"6.2","requires_php":"7.4","requires_plugins":null,"header_name":"Baskerville AI Security","header_author":"eQualitie","header_description":"Advanced WordPress security plugin with AI bot detection, GeoIP access control, and Cloudflare Turnstile integration.","assets_banners_color":"ffc3bb","last_updated":"2026-04-03 11:17:59","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/baskerville-ai-security\/","header_author_uri":"https:\/\/equalitie.org","rating":0,"author_block_rating":0,"active_installs":0,"downloads":188,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.2":{"tag":"1.0.2","author":"equalitie","date":"2026-03-18 17:54:53"},"1.0.3":{"tag":"1.0.3","author":"equalitie","date":"2026-04-03 11:17:59"}},"upgrade_notice":[],"ratings":[],"assets_icons":{"icon.svg":{"filename":"icon.svg","revision":3485903,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3485978,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3485978,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.2","1.0.3"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[11324,362,1174,600,2419],"plugin_category":[44,54],"plugin_contributors":[183520,258049,258053],"plugin_business_model":[],"class_list":["post-280303","plugin","type-plugin","status-publish","hentry","plugin_tags-anti-bot","plugin_tags-captcha","plugin_tags-firewall","plugin_tags-security","plugin_tags-spam-protection","plugin_category-discussion-and-community","plugin_category-security-and-spam-protection","plugin_contributors-burdianov","plugin_contributors-equalitie","plugin_contributors-mazhurin","plugin_committers-equalitie"],"banners":{"banner":"https:\/\/ps.w.org\/baskerville-ai-security\/assets\/banner-772x250.png?rev=3485978","banner_2x":"https:\/\/ps.w.org\/baskerville-ai-security\/assets\/banner-1544x500.png?rev=3485978","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/baskerville-ai-security\/assets\/icon.svg?rev=3485903","icon":"https:\/\/ps.w.org\/baskerville-ai-security\/assets\/icon.svg?rev=3485903","icon_2x":false,"generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Baskerville is a comprehensive WordPress security plugin that protects your site from malicious bots, AI crawlers, and unwanted traffic using multiple detection methods.<\/p>\n\n<p><strong>Key Features:<\/strong><\/p>\n\n<ul>\n<li><strong>AI Bot Detection<\/strong> - Intelligent classification of bots vs. humans with configurable score thresholds<\/li>\n<li><strong>GeoIP Access Control<\/strong> - Block or allow traffic by country (whitelist\/blacklist modes)<\/li>\n<li><strong>Cloudflare Turnstile<\/strong> - CAPTCHA challenge for borderline bot scores with precision analytics<\/li>\n<li><strong>Browser Fingerprinting<\/strong> - Advanced client-side fingerprinting (Canvas, WebGL, Audio)<\/li>\n<li><strong>Honeypot Detection<\/strong> - Hidden links to catch AI crawlers<\/li>\n<li><strong>Real-Time Analytics<\/strong> - Live feed, traffic statistics, and Turnstile precision metrics<\/li>\n<li><strong>Under Attack Mode<\/strong> - Emergency mode to challenge all visitors during attacks<\/li>\n<li><strong>IP Whitelist<\/strong> - Bypass firewall for trusted IPs<\/li>\n<li><strong>Form Protection<\/strong> - Protect login, registration, and comment forms with Turnstile<\/li>\n<\/ul>\n\n<p><strong>Bot Score System:<\/strong><\/p>\n\n<ul>\n<li>0-39: Likely human (allowed)<\/li>\n<li>40-70: Borderline (optional Turnstile challenge)<\/li>\n<li>71-100: Likely bot (blocked)<\/li>\n<\/ul>\n\n<p><strong>Performance:<\/strong><\/p>\n\n<ul>\n<li>Minimal overhead (~1ms with page cache, ~30-50ms without)<\/li>\n<li>APCu + file-based caching for GeoIP lookups<\/li>\n<li>Compatible with all major caching plugins<\/li>\n<\/ul>\n\n<h3>External Services<\/h3>\n\n<p>This plugin connects to the following third-party services:<\/p>\n\n<h4>Cloudflare Turnstile<\/h4>\n\n<p>When Turnstile is enabled, the plugin loads JavaScript from Cloudflare's servers to display CAPTCHA challenges:<\/p>\n\n<ul>\n<li>Service URL: https:\/\/challenges.cloudflare.com\/turnstile\/v0\/api.js<\/li>\n<li>Verification API: https:\/\/challenges.cloudflare.com\/turnstile\/v0\/siteverify<\/li>\n<li>Data sent: Turnstile token, visitor IP address<\/li>\n<li>Purpose: Human verification to prevent bot access<\/li>\n<li>Privacy Policy: https:\/\/www.cloudflare.com\/privacypolicy\/<\/li>\n<li>Terms of Service: https:\/\/www.cloudflare.com\/website-terms\/<\/li>\n<\/ul>\n\n<p>Turnstile is only loaded when you enable it in plugin settings and provide your Cloudflare API keys.<\/p>\n\n<h4>MaxMind GeoIP Database<\/h4>\n\n<p>When you use the one-click GeoIP database installer, the plugin downloads the GeoLite2-Country database from MaxMind:<\/p>\n\n<ul>\n<li>Database download URL: https:\/\/download.maxmind.com\/<\/li>\n<li>Data sent: Your MaxMind license key (required for database download)<\/li>\n<li>Purpose: Determine visitor country for geo-blocking features<\/li>\n<li>Privacy Policy: https:\/\/www.maxmind.com\/en\/privacy-policy<\/li>\n<li>Terms of Service: https:\/\/www.maxmind.com\/en\/geolite2\/eula<\/li>\n<\/ul>\n\n<p>The installer also downloads the MaxMind PHP libraries from GitHub:<\/p>\n\n<ul>\n<li>GeoIP2 PHP API: https:\/\/github.com\/maxmind\/GeoIP2-php\/archive\/refs\/tags\/v2.13.0.zip<\/li>\n<li>MaxMind DB Reader: https:\/\/github.com\/maxmind\/MaxMind-DB-Reader-php\/archive\/refs\/tags\/v1.11.1.zip<\/li>\n<li>These are open-source libraries used to read the local GeoIP database. No visitor data is sent to GitHub.<\/li>\n<li>GitHub Terms of Service: https:\/\/docs.github.com\/en\/site-policy\/github-terms\/github-terms-of-service<\/li>\n<li>GitHub Privacy Statement: https:\/\/docs.github.com\/en\/site-policy\/privacy-policies\/github-general-privacy-statement<\/li>\n<\/ul>\n\n<p>The database is stored locally on your server. No visitor data is sent to MaxMind during lookups.<\/p>\n\n<h3>Privacy<\/h3>\n\n<h4>Data Collected<\/h4>\n\n<p>This plugin collects and stores the following visitor data locally in your WordPress database:<\/p>\n\n<ul>\n<li>IP addresses<\/li>\n<li>Browser fingerprints (Canvas, WebGL, Audio hashes)<\/li>\n<li>User agent strings<\/li>\n<li>Country codes (derived from IP)<\/li>\n<li>Bot scores and classifications<\/li>\n<li>Timestamps of visits<\/li>\n<\/ul>\n\n<h4>Data Retention<\/h4>\n\n<p>Statistics are automatically deleted after the retention period you configure (default: 14 days). You can adjust this in Settings &gt; Baskerville &gt; Settings.<\/p>\n\n<h4>GDPR Compliance<\/h4>\n\n<ul>\n<li>All data is stored locally on your server<\/li>\n<li>No visitor data is shared with third parties (except Cloudflare when Turnstile verification occurs)<\/li>\n<li>Data retention is configurable<\/li>\n<li>Consider adding disclosure to your site's privacy policy<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to <code>\/wp-content\/plugins\/baskerville\/<\/code> or install via WordPress admin<\/li>\n<li>Activate the plugin through the 'Plugins' menu<\/li>\n<li>Go to Settings &gt; Baskerville to configure<\/li>\n<li>Install MaxMind GeoLite2 database for GeoIP features (one-click installer in Settings)<\/li>\n<li>(Optional) Configure Cloudflare Turnstile keys for CAPTCHA challenges<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"how%20do%20i%20set%20up%20geoip%20blocking%3F\"><h3>How do I set up GeoIP blocking?<\/h3><\/dt>\n<dd><p>Go to Settings &gt; Baskerville &gt; GeoIP, install the MaxMind database, then configure your country whitelist or blacklist.<\/p><\/dd>\n<dt id=\"how%20does%20turnstile%20work%3F\"><h3>How does Turnstile work?<\/h3><\/dt>\n<dd><p>Visitors with borderline bot scores (default 40-70) are shown a Cloudflare Turnstile challenge. If they pass, they're allowed through. This catches bots while minimizing friction for real users.<\/p><\/dd>\n<dt id=\"what%20is%20under%20attack%20mode%3F\"><h3>What is Under Attack Mode?<\/h3><\/dt>\n<dd><p>Emergency mode that shows Turnstile challenge to ALL visitors. Use this when your site is under active attack.<\/p><\/dd>\n<dt id=\"will%20this%20slow%20down%20my%20site%3F\"><h3>Will this slow down my site?<\/h3><\/dt>\n<dd><p>With page caching enabled, overhead is near zero. Without caching, expect ~30-50ms overhead per request.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Replaced hardcoded Ajax\/REST paths with wp_doing_ajax(), REST_REQUEST and rest_get_url_prefix().<\/li>\n<li>Replaced direct require_once of class-pclzip.php with WordPress unzip_file() API.<\/li>\n<li>Replaced WP_CONTENT_DIR usage with wp_upload_dir() for GeoIP database paths.<\/li>\n<li>Changed REST \/fp permission_callback to __return_true (intentionally public endpoint).<\/li>\n<li>Made nonce validation mandatory in REST fingerprint handler (fail-early on missing nonce).<\/li>\n<li>Added nonce and current_user_can('manage_options') checks to debug widget toggle.<\/li>\n<li>Removed DONOTCACHEPAGE global constant definition.<\/li>\n<li>Removed unsanitized $_COOKIE processing from debug headers; now checks only specific plugin cookies.<\/li>\n<li>Documented MaxMind GitHub library downloads in readme External Services section.<\/li>\n<li>Removed external URL from test User-Agent strings.<\/li>\n<\/ul>\n\n<h4>1.0.1<\/h4>\n\n<ul>\n<li>Added support for the Deflect GeoIP database.<\/li>\n<li>Made all hardcoded text fully translatable.<\/li>\n<li>Renamed the plugin to Baskerville AI Security.<\/li>\n<li>Moved all inline scripts and styles to proper wp_enqueue_script() \/ wp_enqueue_style() usage.<\/li>\n<li>Updated Chart.js to v4.5.1.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<p>Initial release.<\/p>","raw_excerpt":"Advanced WordPress security plugin with AI bot detection, GeoIP access control, and Cloudflare Turnstile integration.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/280303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=280303"}],"author":[{"embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/equalitie"}],"wp:attachment":[{"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=280303"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=280303"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=280303"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=280303"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=280303"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pt-ao.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=280303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}