Skip to content

equalitie/baskerville

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

45 Commits
admin
admin
Β 
Β 
assets
assets
Β 
Β 
includes
includes
Β 
Β 
README.md
README.md
Β 
Β 
baskerville.php
baskerville.php
Β 
Β 
deployment.md
deployment.md
Β 
Β 
performance_pod.yaml
performance_pod.yaml
Β 
Β 
readme.txt
readme.txt
Β 
Β 

Repository files navigation

Baskerville WordPress Plugin

A WordPress security plugin with GeoIP-based access control, AI-powered bot detection, Cloudflare Turnstile integration, and advanced fingerprinting.

Features

  • πŸ›‘οΈ AI-Powered Bot Detection - Classification of bots vs. humans with configurable thresholds
  • 🌍 GeoIP Access Control - Block or allow traffic by country (whitelist/blacklist)
  • πŸ” Browser Fingerprinting - Advanced client-side fingerprinting with Canvas, WebGL, Audio
  • ☁️ Cloudflare Turnstile - CAPTCHA challenge for borderline bot scores with precision analytics
  • 🍯 Honeypot Detection - Hidden links to catch AI crawlers
  • πŸ“Š Traffic Analytics - Real-time statistics, live feed, and Turnstile precision metrics
  • ⚑ Performance Optimized - Minimal overhead (~1ms with page cache, ~30-50ms without)
  • πŸ” IP Whitelist - Bypass firewall for trusted IPs
  • πŸš€ Caching - APCu + file-based caching for GeoIP lookups
  • 🚨 Under Attack Mode - Emergency mode to challenge all visitors

Building

Run from the parent directory of the plugin folder:

cd ..   # from baskerville/ go to parent directory
zip -r9 baskerville.zip baskerville/ \
  -x "*.DS_Store" \
  -x "baskerville/.git/*" \
  -x "baskerville/.gitignore" \
  -x "baskerville/.idea/*" \
  -x "baskerville/.claude/*" \
  -x "baskerville/vendor/*" \
  -x "*.log" \
  -x "*.txt" \
  -x "*.sh" \
  -x "*.html" \
  -x "baskerville/test-*.php" \
  -x "baskerville/composer.json" \
  -x "baskerville/deployment.md" \
  -x "baskerville/bot-detector*.js" \
  -x "baskerville/ab" \
  -x "baskerville/done" \
  -x "baskerville/sleep"

Note: The vendor/ folder is excluded. After plugin installation, go to Settings β†’ Baskerville β†’ Settings and click "Install MaxMind Library" to enable GeoIP features.

Installation

  1. Upload baskerville.zip in WordPress Admin β†’ Plugins β†’ Add New β†’ Upload Plugin
  2. Activate the plugin
  3. Go to Settings β†’ Baskerville to configure

Configuration

GeoIP Setup

  1. Go to Settings β†’ Baskerville β†’ Settings
  2. Install MaxMind GeoLite2 database (one-click installer)
  3. Configure access mode:
    • Allow All (default) - No country restrictions
    • Blacklist - Block specific countries
    • Whitelist - Allow only specific countries

IP Whitelist

  1. Go to Settings β†’ Baskerville β†’ IP Whitelist
  2. Click "Add My IP" to whitelist your current IP
  3. Or manually add IPs (one per line or comma-separated)

Use cases:

  • Load testing with Apache Bench
  • Whitelisting office network
  • Development environments
  • Monitoring services

Cloudflare Turnstile

Turnstile provides a CAPTCHA-like challenge for visitors with borderline bot scores, allowing legitimate users to prove they're human instead of being blocked outright.

  1. Go to Settings β†’ Baskerville β†’ Turnstile
  2. Get your Site Key and Secret Key from Cloudflare Dashboard
  3. Enter the keys and enable Turnstile
  4. Configure the borderline score range (default: 40-70)

Settings:

  • Bot Score Challenge - Show Turnstile to visitors with scores in the borderline range
  • Score Range - Define min/max bot score for challenge (e.g., 40-70)
  • Under Attack Mode - Emergency mode that challenges ALL visitors (use during attacks)
  • Form Protection - Protect login, registration, and comment forms

Score interpretation:

  • 0-39: Likely human (allowed)
  • 40-70: Borderline (show Turnstile challenge)
  • 71-100: Likely bot (blocked)

Precision Analytics: The Analytics tab shows Turnstile effectiveness:

  • Redirects - Number of challenges shown
  • Passed - Visitors who completed the challenge
  • Failed - Visitors who failed or abandoned (likely bots)
  • Precision - % of challenges that caught bots: (redirects - passes) / redirects

Bot Control

Configure how bots are detected and banned.

  1. Go to Settings β†’ Baskerville β†’ Bot Control

Settings:

  • Ban All Detected Bots - Ban all bot classifications, not just bad_bot
  • Instant Ban Threshold - Score threshold (0-100) for immediate ban without waiting for burst protection. Visitors with scores >= threshold are banned instantly if they don't look like a browser and aren't verified crawlers.

Example: With threshold set to 70, a visitor with score 75 and suspicious headers will be banned immediately.

Performance Optimization Tips

1. Enable Page Caching (Critical!)

Impact: -95% response time

# Install one of:
- WP Super Cache (free)
- W3 Total Cache (free)
- LiteSpeed Cache (free)
- WP Rocket (paid)

Why it helps:

  • Cached pages bypass WordPress PHP execution
  • Baskerville firewall is not executed for cached pages
  • Overhead drops from 50ms β†’ 0ms

2. Enable APCu for Object Caching

Impact: 10x faster cache operations

# Ubuntu/Debian
sudo apt install php-apcu
sudo systemctl restart php-fpm

# Verify
php -m | grep apcu

Why it helps:

  • GeoIP lookups cached in memory (not disk)
  • Ban cache uses RAM (faster than file I/O)
  • APCu: 0.05ms, File: 0.5ms per operation

3. Use NGINX GeoIP2 Module

Impact: 10x faster GeoIP lookups

# /etc/nginx/nginx.conf
load_module modules/ngx_http_geoip2_module.so;

http {
    geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
        auto_reload 5m;
        $geoip2_data_country_code country iso_code;
    }

    fastcgi_param GEOIP2_COUNTRY_CODE $geoip2_data_country_code;
}

Why it helps:

  • NGINX does GeoIP lookup (not PHP)
  • Result passed via $_SERVER['GEOIP2_COUNTRY_CODE']
  • Baskerville uses NGINX result (no MaxMind DB lookup needed)

4. Enable PHP OPcache

Impact: 30-50% faster PHP execution

# Check if enabled
php -i | grep opcache.enable

# Enable in php.ini
opcache.enable=1
opcache.memory_consumption=256
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=10000
opcache.validate_timestamps=0 # Production only

Logging Mode Comparison

Mode Overhead Analytics Shared Hosting Recommended For
File ~50-70ms (5%) βœ… Full (5min delay) βœ… Perfect Production
Disabled ~0ms (0%) ❌ None βœ… Perfect Testing/Dev
Database ~500ms (36%) βœ… Instant ❌ Slow VPS only

Conclusion

Baskerville with File Logging adds 5% overhead while providing:

  • βœ… GeoIP-based access control
  • βœ… AI-powered bot detection with configurable thresholds
  • βœ… Cloudflare Turnstile for borderline cases
  • βœ… Honeypot detection for AI crawlers
  • βœ… Advanced fingerprinting
  • βœ… Real-time traffic analytics with precision metrics
  • βœ… Rate limiting & ban management

Recommendations:

  • βœ… Use File Logging mode for production (default)
  • βœ… Enable page caching (WP Super Cache, etc.)
  • βœ… Install APCu if available (10x faster cache)
  • βœ… Whitelist monitoring/testing IPs
  • βœ… Configure Turnstile for borderline scores (40-70)
  • βœ… Set Instant Ban Threshold for high-risk visitors (e.g., 85)

Troubleshooting

Slow Performance

Symptom: Page loads take >5 seconds

Solutions:

  1. βœ… Enable page caching (WP Super Cache)
  2. βœ… Install APCu: apt install php-apcu
  3. βœ… Enable PHP OPcache
  4. βœ… Use NGINX GeoIP2 module (optional)

Cache Issues

Symptom: GeoIP shows wrong country after VPN change

Solution: Clear GeoIP cache

  1. Go to Settings β†’ Baskerville β†’ GeoIP Test
  2. Click "Clear GeoIP Cache" button
  3. Page will reload with updated country

Load Testing Blocked

Symptom: Apache Bench gets 403 errors

Solution: Whitelist your IP

  1. Go to Settings β†’ Baskerville β†’ IP Whitelist
  2. Click "Add My IP" button
  3. Run tests again

Development

File Structure

baskerville/
β”œβ”€β”€ admin/
β”‚   └── class-baskerville-admin.php      # Admin UI, settings, analytics
β”œβ”€β”€ includes/
β”‚   β”œβ”€β”€ class-baskerville-core.php       # Core functions, caching, GeoIP
β”‚   β”œβ”€β”€ class-baskerville-firewall.php   # Firewall logic, blocking rules
β”‚   β”œβ”€β”€ class-baskerville-ai-ua.php      # AI bot detection & classification
β”‚   β”œβ”€β”€ class-baskerville-stats.php      # Analytics & database logging
β”‚   β”œβ”€β”€ class-baskerville-rest.php       # REST API for fingerprinting
β”‚   β”œβ”€β”€ class-baskerville-turnstile.php  # Cloudflare Turnstile integration
β”‚   └── class-baskerville-honeypot.php   # Honeypot for AI crawler detection
β”œβ”€β”€ assets/
β”‚   β”œβ”€β”€ js/baskerville.js                # Frontend fingerprinting script
β”‚   └── css/                             # Styles
β”œβ”€β”€ vendor/                              # MaxMind GeoIP2 library (auto-installed)
└── baskerville.php                      # Main plugin file

Database Schema

CREATE TABLE wp_baskerville_stats (
    id BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    visit_key VARCHAR(64),
    ip VARCHAR(45),
    country_code VARCHAR(2),          -- Added in v1.0.0
    baskerville_id VARCHAR(32),
    timestamp_utc DATETIME,
    score INT,
    classification VARCHAR(32),
    user_agent TEXT,
    evaluation_json LONGTEXT,
    score_reasons TEXT,
    classification_reason TEXT,
    block_reason VARCHAR(120),
    event_type VARCHAR(16),
    had_fp TINYINT(1),
    INDEX idx_timestamp (timestamp_utc),
    INDEX idx_ip (ip),
    INDEX idx_country_code (country_code),  -- Added in v1.0.0
    INDEX idx_event_type (event_type)
);

License

GPL v3 or later - Compatible with WordPress.org plugin directory requirements.

Support

For issues and feature requests, please open an issue on GitHub.

About

Baskerville Wordpress Plugin

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages