BotBlocker uses a wide range of checks and parameters to accurately identify automated bots. Below is an exhaustive, detailed list of all the user parameters analyzed by BotBlocker for precise bot detection. Each check works as part of a layered system: the more signals match a bot profile, the higher the risk score assigned to that visitor. This approach lets BotBlocker separate real users from automated traffic with a high degree of accuracy, reducing false positives for legitimate visitors.
IP Address Checks
IP-level checks are the first line of defense. BotBlocker evaluates each incoming IP address against multiple criteria before any page content is served. According to Cloudflare research, a significant share of all web traffic comes from bots, and IP reputation data is one of the fastest ways to filter it.
- Blacklist and Whitelist IP: Checks if the IP address is explicitly blocked or allowed.
- ASN (Autonomous System Number): Verifies whether the IP belongs to known hosting providers or suspicious networks.
- Country and Region Detection: Geolocation checks for suspicious origins or mismatches.
HTTP Header Validation
HTTP headers carry a lot of information about the client making a request. Real browsers send a consistent and predictable set of headers. Automated tools often send incomplete or inconsistent header sets, which BotBlocker flags as suspicious. This check alone can catch a large portion of low-effort bots that do not bother to properly mimic a browser.
- User-Agent: Analyzed for known bot signatures and for missing or malformed headers.
- Referer: Checks for valid referrers; detects fake or suspicious referrer patterns.
- Accept-Language: Checks for unusual or mismatched language preferences.
- Accept-Encoding: Ensures proper browser-specific encoding methods.
Reverse DNS (PTR) Verification
- Fake Search Engine Detection: Confirms legitimate search crawlers (e.g., Googlebot, Bingbot) by verifying PTR records. Bots that claim to be Googlebot but fail this check are blocked immediately. Google itself recommends using reverse DNS to verify its own crawler.
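A sketch of the crawler verification described above, as an added example and not BotBlocker's own code. It goes one step beyond the PTR lookup by forward-confirming the hostname, because a PTR record is set by whoever controls the address's reverse zone. The function names and the sample DNS data are assumptions made for illustration.

```python
import ipaddress
import socket

# PTR hostname suffixes that Google and Microsoft document for their crawlers.
CRAWLER_SUFFIXES = {
    "googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
}

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Forward (A/AAAA) lookup via the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def verify_crawler(ip, user_agent, ptr=system_ptr, forward=system_forward):
    """Return 'not-a-crawler', 'verified' or 'fake' for one request."""
    ua = user_agent.lower()
    name = next((n for n in CRAWLER_SUFFIXES if n in ua), None)
    if name is None:
        return "not-a-crawler"
    host = (ptr(ip) or "").rstrip(".").lower()
    # Leading dot in each suffix rejects look-alikes such as "evilgooglebot.com".
    if not host.endswith(CRAWLER_SUFFIXES[name]):
        return "fake"
    # Forward-confirm: the hostname must resolve back to the connecting IP.
    want = ipaddress.ip_address(ip)
    addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward(host)}
    return "verified" if want in addrs else "fake"

# Constructed sample DNS data (documentation address ranges), so this runs offline.
SAMPLE_PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com.",
    "198.51.100.7": "crawl.googlebot.com.attacker.example",
    "203.0.113.5": "crawl-203-0-113-5.googlebot.com",  # PTR set by the IP owner
}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

def check_sample(ip, user_agent=GOOGLEBOT_UA):
    """Run verify_crawler against the constructed tables instead of live DNS."""
    return verify_crawler(ip, user_agent, SAMPLE_PTR.get,
                          lambda host: SAMPLE_A.get(host, set()))
```

Calling `verify_crawler(ip, user_agent)` without the last two arguments uses the system resolver; in production the result should be cached per IP so each request does not trigger DNS lookups.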
Browser Feature Checks (JavaScript-based)
- Canvas Fingerprinting: Analyzes canvas rendering inconsistencies typical for headless browsers.
- WebGL Fingerprinting: Detects unique GPU signatures that differ from genuine browsers.
- WebRTC Checks: Verifies WebRTC API support and behavior.
- Font Rendering Checks: Identifies anomalies in font rendering indicative of bots.
- Navigator Plugins: Checks the presence and plausibility of installed browser plugins.
- Incognito/Private Mode Detection: Identifies visitors using private/incognito modes.
- AdBlock Detection: Checks if the visitor is blocking ads or tracking scripts.
Browser Consistency Checks
- Screen Resolution: Validates the plausibility of screen dimensions.
- Browser Window Dimensions: Checks consistency of reported window size.
- Navigator and Platform Consistency: Validates the consistency between navigator properties (e.g., platform, user-agent, vendor).
- Browser Engine Checks: Detects automation tools such as Selenium, Puppeteer, PhantomJS.
- Webdriver Status: Checks the navigator.webdriver flag for automation indicators.
Timing and Performance Checks
Human users interact with pages in ways that are naturally irregular. They pause, scroll at varying speeds, and move the mouse in non-linear paths. Automated scripts tend to act at fixed intervals or unrealistically fast. BotBlocker measures these timing signals and compares them against expected human behavior ranges. See also OWASP guidance on automated attack patterns for context on why timing analysis matters.
- JS Execution Timing (Jitter Analysis): Detects unnatural timing patterns indicating automation.
- Page Load Time: Flags unusual page load and navigation patterns.
- Event Timing (Mouse, Scroll): Validates human-like interaction speed and behavior.
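One way to express the fixed-interval and too-fast signals from this section, as an added example that is not BotBlocker's implementation. The thresholds, flag names and sample sessions are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Assumed thresholds for illustration; tune against real traffic.
MIN_EVENTS = 6        # fewer events than this is too little evidence
MIN_MEAN_GAP_MS = 40  # average gap below this counts as unrealistically fast
MIN_JITTER_CV = 0.10  # stdev/mean below this counts as fixed-interval

def timing_flags(timestamps_ms):
    """Flag one session's interaction event timestamps (milliseconds)."""
    ts = sorted(timestamps_ms)
    if len(ts) < MIN_EVENTS:
        return set()  # do not judge a visitor on a handful of events
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    flags = set()
    if avg < MIN_MEAN_GAP_MS:
        flags.add("too_fast")
    # Coefficient of variation: near zero means metronome-like spacing.
    if avg == 0 or pstdev(gaps) / avg < MIN_JITTER_CV:
        flags.add("fixed_interval")
    return flags

def score_sessions(events):
    """events: iterable of (session_id, timestamp_ms). Returns {session: flags}."""
    by_session = defaultdict(list)
    for session_id, t in events:
        by_session[session_id].append(t)
    return {sid: timing_flags(ts) for sid, ts in by_session.items()}

# Constructed sample events: mouse/scroll timestamps for four sessions.
SAMPLE_EVENTS = (
    [("human", t) for t in (0, 180, 950, 1400, 3100, 3350, 5200)]
    + [("scripted", t) for t in range(0, 3500, 500)]
    + [("burst", t) for t in (0, 5, 11, 14, 22, 25, 33)]
    + [("short", t) for t in (0, 500, 1000)]
)
```

The `short` session shows the false-positive guard: three evenly spaced events are not enough to flag a visitor.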
Cookie Verification
- Cookie Acceptance: Ensures cookies are supported and properly accepted by the browser.
- Session Cookie Checks: Detects unusual or tampered cookie states.
CAPTCHA and Interaction Checks
- Google reCAPTCHA v2 and reCAPTCHA v3 Scores: Utilizes Google’s evaluation to further identify bot-like behavior.
- Dynamic and Graphical Captchas: Validates user interaction to verify real-human responses.
Behavioral Analytics
Behavioral signals are among the most reliable indicators of automated traffic. BotBlocker collects data points across multiple interactions during a session and builds a behavior profile for each visitor. Patterns that deviate significantly from normal human activity are flagged for further review or immediate blocking.
- Navigation Patterns: Tracks unusual browsing sequences and page access patterns.
- Form Submission Patterns: Monitors automated or scripted form submissions.
- Request Frequency: Detects abnormally high request rates from a single IP or user-agent.
Cloud-Based Checks (Pro)
The Pro version of BotBlocker extends local checks with cloud-based intelligence. This means that threats detected on one site can be used to protect all other sites connected to the same network, making the system faster to respond to new attack patterns. This shared model is similar to how major security platforms operate, as described in Imperva’s bot management overview.
- Real-Time IP Threat Database: Checks visitor IPs against regularly updated threat intelligence.
- Behavioral Analysis Database: Matches user activity against known bot behavior collected from multiple sites.
- Collective Intelligence Sharing: Real-time threat sharing across websites.
Early-Phase Traffic Filtering
- Blocking Before WordPress Load: Stops malicious traffic at the earliest stage, prior to site load completion.
- Custom Rule Checks: Immediate blocking based on administrator-defined rules for IP, paths, or user-agent patterns.
Security Parameters
- Nonce Validation: Ensures all AJAX requests include proper WordPress nonce values, preventing CSRF attacks.
- Secure Data Handling: Ensures all captured data complies with GDPR and privacy standards.
Additional Checks
Beyond the core detection methods, BotBlocker includes checks that target specific anonymization techniques. Proxy and Tor usage is common among scrapers and attackers who want to hide their real IP address. Detecting these connection methods adds another layer of protection, particularly for sites that do not have a legitimate reason to receive traffic from anonymous networks.
- Proxy Detection: Identifies visitors using proxy or VPN connections.
- Tor Network Detection: Blocks visitors connecting via the Tor anonymity network.