Baskerville AI Security

Description

Baskerville is a comprehensive WordPress security plugin that protects your site from malicious bots, AI crawlers, and unwanted traffic using multiple detection methods.

Key Features:

• AI Bot Detection – Intelligent classification of bots vs. humans with configurable score thresholds
• GeoIP Access Control – Block or allow traffic by country (whitelist/blacklist modes)
• Cloudflare Turnstile – CAPTCHA challenge for borderline bot scores with precision analytics
• Browser Fingerprinting – Advanced client-side fingerprinting (Canvas, WebGL, Audio)
• Honeypot Detection – Hidden links to catch AI crawlers
• Real-Time Analytics – Live feed, traffic statistics, and Turnstile precision metrics
• Under Attack Mode – Emergency mode to challenge all visitors during attacks
• IP Whitelist – Bypass firewall for trusted IPs
• Form Protection – Protect login, registration, and comment forms with Turnstile

Bot Score System:

• 0-39: Likely human (allowed)
• 40-70: Borderline (optional Turnstile challenge)
• 71-100: Likely bot (blocked)

Performance:

• Minimal overhead (~1ms with page cache, ~30-50ms without)
• APCu + file-based caching for GeoIP lookups
• Compatible with all major caching plugins

External Services

This plugin connects to the following third-party services:

Cloudflare Turnstile

When Turnstile is enabled, the plugin loads JavaScript from Cloudflare’s servers to display CAPTCHA challenges:

• Service URL: https://challenges.cloudflare.com/turnstile/v0/api.js
• Verification API: https://challenges.cloudflare.com/turnstile/v0/siteverify
• Data sent: Turnstile token, visitor IP address
• Purpose: Human verification to prevent bot access
• Privacy Policy: https://www.cloudflare.com/privacypolicy/
• Terms of Service: https://www.cloudflare.com/website-terms/

Turnstile is only loaded when you enable it in plugin settings and provide your Cloudflare API keys.

MaxMind GeoIP Database

When you use the one-click GeoIP database installer, the plugin downloads the GeoLite2-Country database from MaxMind:

• Database download URL: https://download.maxmind.com/
• Data sent: Your MaxMind license key (required for database download)
• Purpose: Determine visitor country for geo-blocking features
• Privacy Policy: https://www.maxmind.com/en/privacy-policy
• Terms of Service: https://www.maxmind.com/en/geolite2/eula

The installer also downloads the MaxMind PHP libraries from GitHub:

• GeoIP2 PHP API: https://github.com/maxmind/GeoIP2-php/archive/refs/tags/v2.13.0.zip
• MaxMind DB Reader: https://github.com/maxmind/MaxMind-DB-Reader-php/archive/refs/tags/v1.11.1.zip
• These are open-source libraries used to read the local GeoIP database. No visitor data is sent to GitHub.
• GitHub Terms of Service: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service
• GitHub Privacy Statement: https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement

The database is stored locally on your server. No visitor data is sent to MaxMind during lookups.

Privacy

Data Collected

This plugin collects and stores the following visitor data locally in your WordPress database:

• IP addresses
• Browser fingerprints (Canvas, WebGL, Audio hashes)
• User agent strings
• Country codes (derived from IP)
• Bot scores and classifications
• Timestamps of visits

Data Retention

Statistics are automatically deleted after the retention period you configure (default: 14 days). You can adjust this in Settings > Baskerville > Settings.

GDPR Compliance

• All data is stored locally on your server
• No visitor data is shared with third parties (except Cloudflare when Turnstile verification occurs)
• Data retention is configurable
• Consider adding disclosure to your site’s privacy policy