Title: Baskerville AI Security Author: eQualitie Published: 18 มีนาคม 2026 Last modified: 28 พฤษภาคม 2026 --- Search plugins ![](https://ps.w.org/baskerville-ai-security/assets/banner-772x250.png?rev=3485978) ![](https://ps.w.org/baskerville-ai-security/assets/icon.svg?rev=3485903) # Baskerville AI Security By [eQualitie](https://profiles.wordpress.org/equalitie/) [Download](https://downloads.wordpress.org/plugin/baskerville-ai-security.1.0.4.zip) * [Details](https://th.wordpress.org/plugins/baskerville-ai-security/#description) * [Reviews](https://th.wordpress.org/plugins/baskerville-ai-security/#reviews) * [Installation](https://th.wordpress.org/plugins/baskerville-ai-security/#installation) * [Development](https://th.wordpress.org/plugins/baskerville-ai-security/#developers) [Support](https://wordpress.org/support/plugin/baskerville-ai-security/) ## Description Baskerville is a comprehensive WordPress security plugin that protects your site from malicious bots, AI crawlers, and unwanted traffic using multiple detection methods. **Key Features:** * **AI Bot Detection** – Intelligent classification of bots vs. humans with configurable score thresholds * **GeoIP Access Control** – Block or allow traffic by country (whitelist/blacklist modes) * **Cloudflare Turnstile** – CAPTCHA challenge for borderline bot scores with precision analytics * **Browser Fingerprinting** – Advanced client-side fingerprinting (Canvas, WebGL, Audio) * **Honeypot Detection** – Hidden links to catch AI crawlers * **Real-Time Analytics** – Live feed, traffic statistics, and Turnstile precision metrics * **Under Attack Mode** – Emergency mode to challenge all visitors during attacks * **IP Whitelist** – Bypass firewall for trusted IPs * **Form Protection** – Protect login, registration, and comment forms with Turnstile **Bot Score System:** * 0-39: Likely human (allowed) * 40-70: Borderline (optional Turnstile challenge) * 71-100: Likely bot (blocked) **Performance:** * Minimal overhead (~1ms with page cache, ~30-50ms without) * APCu + file-based caching for GeoIP lookups * Compatible with all major caching plugins ### External Services This plugin connects to the following third-party services: #### Cloudflare Turnstile When Turnstile is enabled, the plugin loads JavaScript from Cloudflare’s servers to display CAPTCHA challenges: * Service URL: https://challenges.cloudflare.com/turnstile/v0/api.js * Verification API: https://challenges.cloudflare.com/turnstile/v0/siteverify * Data sent: Turnstile token, visitor IP address * Purpose: Human verification to prevent bot access * Privacy Policy: https://www.cloudflare.com/privacypolicy/ * Terms of Service: https://www.cloudflare.com/website-terms/ Turnstile is only loaded when you enable it in plugin settings and provide your Cloudflare API keys. #### MaxMind GeoIP Database When you use the one-click GeoIP database installer, the plugin downloads the GeoLite2- Country database from MaxMind: * Database download URL: https://download.maxmind.com/ * Data sent: Your MaxMind license key (required for database download) * Purpose: Determine visitor country for geo-blocking features * Privacy Policy: https://www.maxmind.com/en/privacy-policy * Terms of Service: https://www.maxmind.com/en/geolite2/eula The installer also downloads the MaxMind PHP libraries from GitHub: * GeoIP2 PHP API: https://github.com/maxmind/GeoIP2-php/archive/refs/tags/v2.13.0. zip * MaxMind DB Reader: https://github.com/maxmind/MaxMind-DB-Reader-php/archive/refs/ tags/v1.11.1.zip * These are open-source libraries used to read the local GeoIP database. No visitor data is sent to GitHub. * GitHub Terms of Service: https://docs.github.com/en/site-policy/github-terms/ github-terms-of-service * GitHub Privacy Statement: https://docs.github.com/en/site-policy/privacy-policies/ github-general-privacy-statement The database is stored locally on your server. No visitor data is sent to MaxMind during lookups. ### Privacy #### Data Collected This plugin collects and stores the following visitor data locally in your WordPress database: * IP addresses * Browser fingerprints (Canvas, WebGL, Audio hashes) * User agent strings * Country codes (derived from IP) * Bot scores and classifications * Timestamps of visits #### Data Retention Statistics are automatically deleted after the retention period you configure (default: 14 days). You can adjust this in Settings > Baskerville > Settings. #### GDPR Compliance * All data is stored locally on your server * No visitor data is shared with third parties (except Cloudflare when Turnstile verification occurs) * Data retention is configurable * Consider adding disclosure to your site’s privacy policy ## Installation 1. Upload the plugin files to `/wp-content/plugins/baskerville/` or install via WordPress admin 2. Activate the plugin through the ‘Plugins’ menu 3. Go to Settings > Baskerville to configure 4. Install MaxMind GeoLite2 database for GeoIP features (one-click installer in Settings) 5. (Optional) Configure Cloudflare Turnstile keys for CAPTCHA challenges ## FAQ ### How do I set up GeoIP blocking? Go to Settings > Baskerville > GeoIP, install the MaxMind database, then configure your country whitelist or blacklist. ### How does Turnstile work? Visitors with borderline bot scores (default 40-70) are shown a Cloudflare Turnstile challenge. If they pass, they’re allowed through. This catches bots while minimizing friction for real users. ### What is Under Attack Mode? Emergency mode that shows Turnstile challenge to ALL visitors. Use this when your site is under active attack. ### Will this slow down my site? With page caching enabled, overhead is near zero. Without caching, expect ~30-50ms overhead per request. ## Reviews There are no reviews for this plugin. ## Contributors & Developers “Baskerville AI Security” is open source software. The following people have contributed to this plugin. Contributors * [ eQualitie ](https://profiles.wordpress.org/equalitie/) * [ Ion Burdianov ](https://profiles.wordpress.org/burdianov/) * [ mazhurin ](https://profiles.wordpress.org/mazhurin/) [Translate “Baskerville AI Security” into your language.](https://translate.wordpress.org/projects/wp-plugins/baskerville-ai-security) ### Interested in development? [Browse the code](https://plugins.trac.wordpress.org/browser/baskerville-ai-security/), check out the [SVN repository](https://plugins.svn.wordpress.org/baskerville-ai-security/), or subscribe to the [development log](https://plugins.trac.wordpress.org/log/baskerville-ai-security/) by [RSS](https://plugins.trac.wordpress.org/log/baskerville-ai-security/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.0.4 * Altcha PoW challenge support — self-hosted, privacy-friendly, works out of the box * Altcha widget on login, registration and comment forms * Login form protection stats in Analytics dashboard * AI crawlers IP verification via published IP ranges and reverse DNS * AI spoofers detection — crawlers pretending to be legitimate AI bots with mismatched IP * Expanded AI company coverage * Fix: Meta crawlers (meta-externalagent) incorrectly flagged as spoofers on IPs without PTR records * Fix: Master switch OFF now correctly disables all blocking including honeypot and form challenges #### 1.0.3 * Deflect GEO IP support * JS burst counter fix (static files excluded) #### 1.0.2 * Replaced hardcoded Ajax/REST paths with wp_doing_ajax(), REST_REQUEST and rest_get_url_prefix(). * Replaced direct require_once of class-pclzip.php with WordPress unzip_file() API. * Replaced WP_CONTENT_DIR usage with wp_upload_dir() for GeoIP database paths. * Changed REST /fp permission_callback to __return_true (intentionally public endpoint). * Made nonce validation mandatory in REST fingerprint handler (fail-early on missing nonce). * Added nonce and current_user_can(‘manage_options’) checks to debug widget toggle. * Removed DONOTCACHEPAGE global constant definition. * Removed unsanitized $_COOKIE processing from debug headers; now checks only specific plugin cookies. * Documented MaxMind GitHub library downloads in readme External Services section. * Removed external URL from test User-Agent strings. #### 1.0.1 * Added support for the Deflect GeoIP database. * Made all hardcoded text fully translatable. * Renamed the plugin to Baskerville AI Security. * Moved all inline scripts and styles to proper wp_enqueue_script() / wp_enqueue_style() usage. * Updated Chart.js to v4.5.1. #### 1.0.0 Initial release. ## Meta * Version **1.0.4** * Last updated **22 ชั่วโมง ago** * Active installations **Fewer than 10** * WordPress version ** 6.2 or higher ** * Tested up to **7.0** * PHP version ** 7.4 or higher ** * Language * [English (US)](https://wordpress.org/plugins/baskerville-ai-security/) * Tags * [anti-bot](https://th.wordpress.org/plugins/tags/anti-bot/)[captcha](https://th.wordpress.org/plugins/tags/captcha/) [firewall](https://th.wordpress.org/plugins/tags/firewall/)[security](https://th.wordpress.org/plugins/tags/security/) [spam protection](https://th.wordpress.org/plugins/tags/spam-protection/) * [Advanced View](https://th.wordpress.org/plugins/baskerville-ai-security/advanced/) ## Ratings No reviews have been submitted yet. [Your review](https://wordpress.org/support/plugin/baskerville-ai-security/reviews/#new-post) [See all reviews](https://wordpress.org/support/plugin/baskerville-ai-security/reviews/) ## Contributors * [ eQualitie ](https://profiles.wordpress.org/equalitie/) * [ Ion Burdianov ](https://profiles.wordpress.org/burdianov/) * [ mazhurin ](https://profiles.wordpress.org/mazhurin/) ## Support Got something to say? Need help? [View support forum](https://wordpress.org/support/plugin/baskerville-ai-security/)