Baskerville WordPress Plugin

How does Baskerville protect sites from bots?

Baskerville uses a layered traffic classification approach. Each visitor receives a dynamic risk score (0–100) based on behavioral signals and technical characteristics. Depending on that score, the plugin can allow access, apply a verification challenge, or restrict automated traffic.

It combines behavior analysis, browser capability checks, and optional Cloudflare Turnstile verification for uncertain cases.

Why might I want to manage AI crawler access?

Some automated systems retrieve website content at scale. Baskerville allows site owners to monitor and manage this type of traffic according to their own policies.

The plugin can identify automated traffic associated with known AI platforms and apply custom rules (allow, challenge, or restrict) based on configuration.

What makes Baskerville different from other security plugins?

Many security plugins rely primarily on static blocklists. Baskerville focuses on behavioral classification and graduated responses instead of simple allow/deny rules.

It provides transparency through live activity feeds and detailed decision logs, allowing site owners to understand how traffic is being handled. 

Is Baskerville free?

Baskerville is open source developed by eQualitie, a Canadian non-profit organization focused on privacy, security, and open technologies.

The core plugin is available free of charge. Additional optional services or future enhancements may be introduced separately, but the plugin itself does not require a paid subscription to operate.

How can Baskerville reduce hosting costs?

By filtering abusive or high-volume automated traffic before it consumes server resources, Baskerville may reduce unnecessary load. This can help prevent resource spikes caused by bots or traffic surges.

Actual impact depends on your hosting environment and traffic profile.

Will Baskerville slow down my website?

Baskerville is designed to have minimal performance impact. With caching enabled, overhead is typically very low. Allow-listed IP addresses bypass enforcement checks.

Exact performance impact depends on server configuration and logging mode.

How does the scoring system work?

Each visitor receives a dynamic score between 0 and 100:

• 0–39: Low-risk traffic. Allowed
• 40–70: Uncertain. May receive a Turnstile challenge
• 71–100: High-risk automated behavior. Restricted based on configuration

Thresholds are configurable.

What are honeypot traps?

Honeypot mechanisms are hidden elements embedded in page markup that normal users never interact with. Automated systems that trigger these elements may be classified as bots.

Does Baskerville detect legitimate bots like Google?

Yes. Baskerville distinguishes between different categories of automated traffic, including verified search engines and monitoring services.

Verified bots are allowed by default, while suspicious or abusive automation can be restricted.

Can I customize the bot detection thresholds?

Yes. You can configure:

• Bot score challenge range
• Instant ban threshold
• Whether to restrict all bots or only high-risk traffic

This allows you to balance strictness and usability.

What is Cloudflare Turnstile and why should I use it?

Cloudflare Turnstile is an optional verification mechanism that challenges uncertain traffic. Instead of blocking borderline cases outright, Turnstile provides an additional validation step to reduce false positives.

Does Baskerville support country blocking?

Yes. You can configure:

• Allow All Countries (default) 
• Block specific countries 
• Allow only specific countries 

Country detection is built in and works out of the box without requiring external APIs.

For improved geographic accuracy, site owners may optionally upload their own publicly available GeoIP database (such as a MaxMind GeoLite2 database). This step is entirely optional and not required for the plugin to function.

Does Baskerville block a human visitor if they use VPN?

Baskerville does not automatically block VPN users. However, if country restrictions are enabled, some visitors may receive a verification challenge depending on configuration.

How do I know if Baskerville is working?

You can monitor:

• The live activity feed 
• Historical traffic analytics 
• Turnstile challenge metrics  like pass rate
• The proportion of automated versus human traffic over time 

These tools provide visibility into traffic classification, enforcement activity, and how much of your incoming traffic is automated.

What logging options are available?

You can choose between:

• File logging (lower overhead)
• Database logging (faster analytics access, higher overhead)
• Minimal logging mode

What happens during an attack?

You can enable “Under Attack” mode, which challenges all incoming traffic temporarily. Once the situation stabilizes, normal operation can be restored.

Is there a way to quickly disable protection if something goes wrong?

Yes. Baskerville includes a global Master Switch that allows you to instantly disable all traffic enforcement from the WordPress dashboard.

This is useful if you are troubleshooting conflicts, testing configurations, or responding to unexpected behavior. When disabled, Baskerville stops blocking or challenging visitors while keeping your settings intact.

The Master Switch was designed as an operational safety feature to ensure that site owners can immediately restore normal access without technical intervention.

Can I test my site’s performance without getting blocked?

For normal browser testing, you are unlikely to be blocked — Baskerville targets automated traffic patterns, not regular browsing.

However, if you plan to run load tests or automated crawlers (Apache Bench, wget, Screaming Frog, etc.), add your IP to the whitelist first (Baskerville → Settings → Allowed IPs). These tools lack browser characteristics (cookies, JavaScript) and will trigger burst protection within seconds. Whitelisted IPs bypass all security checks.

What if I get locked out of my site?

The WordPress admin area (/wp-admin/ and /wp-login.php) is always exempt from all Baskerville blocking rules — you can always log into your dashboard, even if your IP has been temporarily banned on the frontend.

From the dashboard you can:

• Add your IP to the whitelist
• Disable blocking via the Master Switch
• Adjust thresholds or disable specific rules

Additionally, all IP bans are temporary (default: 10 minutes) and expire automatically. As a precaution, always add your IP address to the whitelist before enabling strict blocking rules.

If you cannot access your dashboard for any other reason (e.g., unrelated PHP error):

1.   Connect to your server via FTP or SSH
2.   Navigate to /wp-content/plugins/
3.   Rename the baskerville-ai-security folder (this deactivates the plugin)
4.   Log into WordPress and fix the issue
5.   Restore the original folder name

Can I use Baskerville with other security plugins?

Yes, but avoid running multiple traffic-filtering firewalls simultaneously, as this may cause conflicts or redundant processing.

Contacts and Support

For issues and feature requests, please visit our support page here https://wordpress.org/support/plugin/baskerville-ai-security/ or email us at wp@equalitie.org

For general questions, please use a contact form on our website https://baskerville.ai/wp-plugin/