Frequently Asked Questions

Find answers to common questions about our bot protection services and cybersecurity solutions.

1. General Information

Boteraser is a robust bot protection service designed to shield your website from malicious bots, spam, and other automated threats. It employs a variety of filtering techniques to distinguish between legitimate users and harmful bots, designed to help improve website security and support stable performance.

Boteraser offers two flexible protection solutions to meet different needs and technical requirements:

1. Script-Based Protection (Server-Side)
  • Installation Method: Downloadable script that runs directly on your server
  • Operation: Works via cron job (scheduled every 5 minutes) from console/command line
  • Best For:
    • System administrators with server access
    • VPS and dedicated server environments
    • Custom applications and websites
    • Users who prefer server-level protection
  • Features:
    • Direct log file analysis
    • IP blocking at server level
    • Minimal resource usage
    • Works with any web application
2. WordPress Plugin Protection
  • Installation Method: Easy-to-install WordPress plugin
  • Operation: Integrates seamlessly with WordPress admin dashboard
  • Best For:
    • WordPress website owners
    • Users without server access
    • Shared hosting environments
    • Non-technical users who prefer GUI management
  • Features:
    • One-click installation and setup
    • WordPress dashboard integration
    • Real-time statistics and reports
    • Advanced configuration options
    • Automatic updates
    • Multisite network support
Which Option Should You Choose?
  • Choose Script-Based Protection if:
    • You have server/VPS access
    • You manage multiple websites on the same server
    • You prefer console-based management
    • You’re using non-WordPress platforms
  • Choose WordPress Plugin if:
    • You’re using WordPress
    • You prefer dashboard-based management
    • You’re on shared hosting
    • You want visual reports and statistics

Note: Both protection methods use the same powerful Boteraser threat intelligence and provide identical security effectiveness. The choice depends on your technical preferences and hosting environment.

2. Why do you need Boteraser protection?

Your website is under constant attack from:

  • Automated Bot Attacks:
    • Over 40% of all web traffic consists of malicious bots
    • 24/7 automated scanning for vulnerabilities
    • Brute force attacks on login pages
    • SQL injection attempts
    • Cross-site scripting (XSS) attacks
  • DDoS Attacks:
    • Overwhelming your server with traffic
    • Making your website inaccessible to legitimate users
    • Can cost thousands in lost revenue and recovery
  • Data Scraping:
    • Stealing your content and intellectual property
    • Competitive intelligence gathering
    • Price scraping for competitive advantage
  • Spam and Abuse:
    • Form spam flooding your contact forms
    • Fake account registrations
    • Comment spam on blogs and forums

The Reality: Without protection, your website receives hundreds of malicious requests every day. Most website owners are unaware of these constant attacks until it’s too late.

Business Impact of Security Breaches:

  • Financial Losses:
    • Average cost of a data breach: $4.45 million
    • Website downtime costs: $5,600 per minute for e-commerce
    • Recovery and cleanup expenses
    • Legal fees and regulatory fines
    • Lost sales during downtime
  • Reputation Damage:
    • Loss of customer trust and confidence
    • Negative media coverage
    • Social media backlash
    • Long-term brand damage
    • Customer churn and reduced loyalty
  • Operational Disruption:
    • Website and service downtime
    • IT resources diverted to incident response
    • Business process interruption
    • Employee productivity loss
  • Legal and Compliance Issues:
    • GDPR fines up to €20 million
    • CCPA penalties and lawsuits
    • Industry-specific compliance violations
    • Customer litigation

Statistics: 60% of small businesses close within 6 months of a cyber attack. The average time to detect a breach is 287 days, giving attackers plenty of time to cause damage.

Limitations of Common Security Approaches:

  • Basic Firewalls:
    • Only block known bad IPs
    • Can’t distinguish between good and bad bots
    • Limited to simple rule-based filtering
    • Reactive rather than proactive
  • SSL Certificates Alone:
    • Only encrypt data in transit
    • Don’t prevent malicious traffic
    • Provide no bot protection
    • Can’t stop application-layer attacks
  • Plugin-Based Security:
    • Consume server resources
    • Can slow down your website
    • Often have security vulnerabilities themselves
    • Require constant updates and maintenance
    • Limited effectiveness against sophisticated attacks
  • Manual Security Management:
    • Time-consuming and error-prone
    • Requires specialized knowledge
    • Can’t respond to threats in real-time
    • Often reactive rather than preventive

The Modern Threat Landscape: Cyber criminals use sophisticated AI-powered tools, distributed networks, and constantly evolving tactics. Traditional security measures that worked 5 years ago are inadequate against today’s advanced persistent threats.

  • Threat Intelligence Features:
    • Continuously updated list of malicious IPs from multiple high-quality sources
    • Aggregated threat data from external sources that utilize machine learning and behavioral analysis
    • Pattern recognition and reputation-based indicators from trusted intelligence feeds
    • Global coverage through collaboration with multiple threat intelligence networks
  • Multi-Layer Defense:
    • IP reputation filtering from external security intelligence sources
    • Geolocation-based blocking using up-to-date IP data
    • User-agent insights derived from advanced bot signature databases
    • Rate limiting and throttling
    • Access control reinforced through combined detection signals from multiple sources
  • Cloud-Based Architecture:
    • No server resource consumption
    • Instant global updates
    • Scalable to handle any traffic volume
    • high-availability architecture designed to support reliable uptime
  • Intelligent Bot Detection:
    • Distinguishes between good and bad bots
    • Allows search engines while blocking scrapers
    • Protects against sophisticated bot networks
    • Designed to minimize false positives for legitimate traffic
  • Proactive Defense:
    • Helps reduce the likelihood of threats reaching your server
    • Uses preventive mechanisms alongside detection techniques
    • Automatically adapts to new threat patterns
    • No configuration required

Every Online Business Benefits from Protection:

  • E-commerce Websites:
    • Protect customer data and payment information
    • Prevent inventory scraping and price monitoring
    • Maintain website performance during traffic spikes
    • Protect against card testing and fraud attempts
  • SaaS and Technology Companies:
    • Protect APIs from abuse and over-usage
    • Prevent unauthorized access to premium features
    • Maintain service availability for paying customers
    • Protect intellectual property and code
  • Content Publishers and Blogs:
    • Prevent content scraping and plagiarism
    • Protect ad revenue from click fraud
    • Maintain website speed and user experience
    • Prevent comment and form spam
  • Financial Services:
    • Meet strict security compliance requirements
    • Protect sensitive financial data
    • Prevent fraud and unauthorized access
    • Maintain customer trust and confidence
  • Healthcare Organizations:
    • Protect patient data (HIPAA compliance)
    • Prevent unauthorized access to medical records
    • Maintain service availability for critical systems
    • Protect against ransomware attacks
  • Small and Medium Businesses:
    • Affordable enterprise-level security
    • No need for dedicated IT security staff
    • Protect reputation and customer trust
    • Focus on business growth, not security management

Reality Check: If your website has any value to your business, it has value to attackers. Size doesn’t matter – small websites are often targeted because they’re perceived as having weaker security.

Cost-Benefit Analysis:

  • Prevention vs. Recovery Costs:
    • Boteraser protection: $20/month (Standard) or $40/month (PRO)
    • Average breach recovery cost: $4.45 million
    • Website downtime: $5,600/minute
    • ROI: 1000:1 or better
  • Operational Savings:
    • Reduced server load and hosting costs
    • Less bandwidth consumption
    • Fewer support tickets and issues
    • No need for expensive security staff
    • Automated threat management
  • Business Value Protection:
    • Maintained customer trust and loyalty
    • Uninterrupted revenue generation
    • Protected brand reputation
    • Compliance with regulations
    • Peace of mind for business owners
  • Performance Benefits:
    • Faster website loading times
    • Better SEO rankings
    • Improved user experience
    • Higher conversion rates
    • Better customer satisfaction

Case Study Example: A medium e-commerce site paying $20/month (Standard) or $40/month (PRO) for Boteraser protection avoided a potential DDoS attack that could have caused $50,000 in lost sales during a busy shopping weekend. The ROI was over 249,000% in just one incident.

Speed of Modern Cyber Attacks:

  • Automated Attacks:
    • Bots can scan your entire website in minutes
    • Vulnerability exploitation in seconds
    • Data exfiltration in hours
    • No human intervention required
  • DDoS Attack Timeline:
    • 0-5 minutes: Attack begins, website slows
    • 5-15 minutes: Website becomes inaccessible
    • 15+ minutes: Revenue loss begins accumulating
    • Hours/Days: Customer trust erodes
  • Data Breach Progression:
    • Initial access: Minutes to hours
    • Lateral movement: Hours to days
    • Data discovery: Days to weeks
    • Data exfiltration: Hours to days
    • Detection: Average 287 days (if ever)
  • Business Impact Timeline:
    • Immediate: Lost sales and customers
    • Short-term: Reputation damage, media coverage
    • Medium-term: Customer churn, legal issues
    • Long-term: Brand damage, compliance fines

Real-World Example: A popular e-commerce site experienced a 3-hour DDoS attack during Black Friday. The attack cost them $180,000 in lost sales, plus another $50,000 in emergency mitigation costs. This could have been prevented with a $20/month Boteraser subscription.

The Bottom Line: In the digital world, threats move at the speed of light. Manual response and traditional security measures are too slow. You need automated, protection that works 24/7.

Boteraser’s Competitive Advantages:

  • Simplicity and Ease of Use:
    • Single line of code implementation
    • No complex configuration required
    • Works immediately after installation
    • User-friendly dashboard and controls
  • Performance Optimization:
    • Zero impact on website loading speed
    • Reduces server load by blocking bad traffic
    • Global CDN integration
    • Improves SEO rankings through better performance
  • Affordable Pricing:
    • Starting at $20/month or $149/year for Standard plans, and $40/month or $349/year for PRO plans
    • No setup fees or hidden costs
    • Transparent, predictable pricing
    • Enterprise features at SMB prices
  • Advanced Technology:
    • Machine learning threat detection
    • Real-time global threat intelligence
    • Behavioral analysis and pattern recognition
    • Continuously updated protection algorithms
  • Customer Support:
    • Responsive technical support team
    • Comprehensive documentation
    • Community forums and resources
    • Regular security updates and improvements

Why Choose Boteraser:

  • Extensefly tested: Proven in real-world environments for reliability and trust
  • Designed for fast activation and early-stage threat mitigation
  • ✅ Scalable Solution: Grows with your business needs
  • ✅ No Lock-in: Cancel anytime with no penalties
  • Designed to reduce operational and security risks

Don’t wait for an attack to happen. Every day without protection is a day your website is vulnerable. Start your Boteraser protection today and join family of businesses that sleep better knowing their websites are secure.

3. Script-Based Protection (Standard & PRO)

BE Client (Standard) provides web server log analysis and bot protection for HTTP/HTTPS traffic. The automated installation script is the recommended method.

Download and run the installation script:

wget https://github.com/sofset-dev/boteraser/raw/refs/heads/main/be-client-install-script/be-client-install-script.tar.gz
tar -xzf be-client-install-script.tar.gz
cd boteraser-install
chmod +x be-install
sudo ./be-install

The script will prompt you for:

  • Web root directory (e.g., /var/www/example.com/htdocs)
  • Web user (typically www-data)
  • Web user group

The installation script will:

  • Create necessary directories
  • Download and unpack the client package
  • Set appropriate file permissions
  • Configure ownership settings

Important Note about Scheduling:

After installation, you must set up a crontab to run the script every 5 minutes:

crontab -e

Add this line:

*/5 * * * * /path/to/your/webroot/boteraser/be-client >/dev/null 2>&1

Warning: Do not run the script more frequently than every 5 minutes. More frequent execution will result in your API access being banned for that website.

After completing these steps, your website will be protected by our shield service.

If you prefer manual installation of BE Client (Standard), follow these steps:

  1. Download and Extract:
    cd /path/to/your/webroot
wget https://github.com/sofset-dev/boteraser/raw/refs/heads/main/be-client/be-client-latest.tar.gz
tar -xzf be-client-latest.tar.gz
cd boteraser/
  2. Configure be.conf:
    nano be.conf

    Set the following parameters:

  3. Set Permissions:
    chmod +x be-client
chmod 600 be.conf
chown www-data:www-data be-client be.conf
  4. Schedule Execution:

    Add to crontab to run every 5 minutes:

    crontab -e

    Add this line:

    */5 * * * * /path/to/your/webroot/boteraser/be-client >/dev/null 2>&1

Important API Key Usage Rules:

  • Each API key can only be used for ONE website
  • Using the same API key on multiple websites may result in an immediate ban, depending on usage and policy violations.
  • For each additional website, you need to generate a new API key and buy new subscription
  • Banned API keys cannot be reactivated

Warning: API key misuse will result in permanent ban without the possibility of restoration. Please ensure you generate unique API keys for each website you protect.

Note: No security solution, including Boteraser, can guarantee 100% protection, as threats are always evolving. However, Boteraser stands out for its superior quality by combining multiple high-quality threat intelligence sources. The system adapts quickly to new risks, minimizes false positives, and delivers a thoughtful, layered approach that puts your website’s security first.

BE Client PRO provides network-level protection for all services on your server. The automated installation script is the recommended method.

System Requirements

You need a Linux server with root access. The script automatically checks for the following tools: iptables, ipset, tcpdump, curl, gawk. For IPv6 protection, ip6tables is recommended. The script supports common package managers (apt, yum, dnf, pacman) and will install any missing dependencies automatically.

Download and run the installation script:

wget https://github.com/sofset-dev/boteraser/raw/refs/heads/main/be-client-pro-install-script/be-client-pro-install-script.tar.gz
tar -xzf be-client-pro-install-script.tar.gz
cd boteraser-pro-install
chmod +x be-install-pro
sudo ./be-install-pro

Installation is fully automated via our bash script. The script checks and installs all required dependencies, downloads the latest package, unpacks it, sets permissions, and creates the configuration file. You must run the script as root.

During installation, you will be prompted for:

  • Installation directory
  • Your API key (generated at user.boteraser.com/api.php)
  • Network interface to monitor (e.g., eth0, ens3, enp0s3, or “any” for all interfaces)

These values are automatically saved in the be-pro.conf configuration file in your installation directory. At the end, a cron job is automatically added that runs the Boteraser PRO client every 5 minutes, ensuring continuous protection without manual intervention.

Important Notes:

  • BE Client PRO requires a PRO subscription and root privileges
  • Protects ALL services: HTTP/HTTPS, SSH, FTP, MySQL, mail servers, DNS, and more

If you prefer manual installation of BE Client PRO, follow these steps:

System Requirements

You need a Linux server with root access. Required tools: iptables, ipset, tcpdump, curl, gawk. For IPv6 protection, ip6tables is recommended.

Step 1: Download and Extract

wget https://github.com/sofset-dev/boteraser/raw/refs/heads/main/be-client-pro/be-client-pro-latest.tar.gz
sudo tar -xzf be-client-pro-latest.tar.gz
cd boteraser-pro/

Step 2: Configure API Key

Edit the configuration file:

sudo nano be-pro.conf

Add your PRO API key:

API_KEY_PRO="your-pro-api-key-here"
INTERFACE="any"  # or specific interface like eth0, ens3

Step 3: Test the Client

chmod +x be-client-pro
sudo ./be-client-pro

Step 4: Schedule via Cron (Every 5 Minutes)

With logging:

*/5 * * * * /absolute/path/to/be-client-pro >> /var/log/be-client-pro.log 2>&1

Without logging (silent):

*/5 * * * * /absolute/path/to/be-client-pro >/dev/null 2>&1

Important Notes:

  • BE Client PRO requires a PRO subscription and root privileges
  • The script captures live network traffic for 30 seconds (configurable)
  • Blocked IPs auto-expire after 24 hours
  • Supports both IPv4 and IPv6 dual-stack
  • Uses ipset + iptables for high-performance blocking
  • Protects ALL services: HTTP/HTTPS, SSH, FTP, MySQL, mail servers, DNS, and more

The client periodically (every 5 minutes, via cron) analyzes network traffic using tcpdump, identifies the most active IP addresses, sends them to our server for analysis, and then automatically blocks malicious IPs using ipset and iptables (for IPv4) and ip6tables (for IPv6). Blocks last for 24 hours and are automatically refreshed.

Yes, if ip6tables is installed, Boteraser PRO will automatically protect IPv6 traffic. Otherwise, IPv6 addresses are skipped and you will see a warning during script execution.

You can use the following commands:

  • ipset list boteraser-pro-v4 – shows blocked IPv4 addresses
  • ipset list boteraser-pro-v6 – shows blocked IPv6 addresses (if supported)
  • ipset flush boteraser-pro-v4 – clears all IPv4 blocks
  • ipset flush boteraser-pro-v6 – clears all IPv6 blocks

Yes, but it’s crucial that your web server is configured to receive the actual visitor’s IP address, usually via headers like X-Forwarded-For or CF-Connecting-IP (for Cloudflare). If Boteraser only sees the IP of your CDN or load balancer, it cannot effectively block malicious actors. Ensure your server logs reflect the true client IP for accurate protection.

Common causes (applies to both Standard and PRO):
  • Script not running as root
  • Incorrect user/group permissions
  • Invalid installation path
  • Missing write permissions
  • Insufficient disk space

Solution: Run the installation script as root. Verify your server configuration and ensure proper permissions are set.

The script automatically detects the most common package managers (apt, yum, dnf, pacman) and attempts to install any missing dependencies automatically. If the automatic installation fails, it will display a list of missing dependencies and instructions to install them manually. After installing the required tools, simply rerun the installation script.

Key Differences:

  • BE Client (Standard):
    • Analyzes web server logs
    • Protects HTTP/HTTPS traffic only
    • Identifies bot names and patterns
    • Works with any web server (Apache, Nginx, etc.)
    • Ideal for websites and web applications
  • BE Client PRO:
    • Analyzes live network traffic via tcpdump
    • Protects ALL TCP/UDP services (SSH, FTP, MySQL, email, DNS, etc.)
    • Network-level blocking with ipset + iptables
    • Supports IPv4 and IPv6 dual-stack
    • Requires root access
    • Ideal for full server protection

Which one should you choose?

  • Choose Standard if you only need to protect your website/web application
  • Choose PRO if you need comprehensive server protection for all services

4. WordPress Plugin Installation & Setup

The Boteraser WordPress Plugin is a comprehensive security solution specifically designed to protect WordPress websites from automated threats, malicious bots, and suspicious activities. It provides advanced protection through intelligent filtering, monitoring, and customizable security rules.

Key Features:

  • Bot blocking powered by continuously updated threat intelligence
  • Lightweight and optimized for performance
  • Comprehensive security analytics and reporting
  • Easy WordPress integration with native admin interface
  • Compatible with major caching and security plugins
  • Subscription-based protection with Monthly, and Annual plan

Installation Methods:

Method 1: WordPress Admin Dashboard
  1. Log into your WordPress admin dashboard
  2. Navigate to Plugins → Add New
  3. Search for “Boteraser”
  4. Click Install Now and then Activate
Method 2: Manual Upload
  1. Download the plugin from your Boteraser account
  2. Go to Plugins → Add New → Upload Plugin
  3. Choose the downloaded .zip file
  4. Click Install Now and Activate
Method 3: FTP Upload
  1. Extract the plugin files from the .zip archive
  2. Upload the “boteraser” folder to /wp-content/plugins/
  3. Activate the plugin through the WordPress admin panel

System Requirements:

  • WordPress 5.0 or higher
  • PHP 7.4 or higher
  • MySQL 5.6 or higher / MariaDB 10.1 or higher
  • Active Boteraser subscription and API key
Initial Configuration
  1. After activation, go to Settings → Boteraser in your WordPress admin
  2. Enter your API key from your Boteraser account
  3. Save settings and test the configuration
Advanced Configuration Options
  • Protection Mode:
    • Monitor: Log threats
    • Block Mode: Actively block detected threats
  • Filter Settings:
    • Ai Bot detection sensitivity
    • Country-based filtering
    • IP whitelist/blacklist management
    • User-agent filtering rules
  • WordPress-Specific Protection:
    • Website page protection
    • Comment spam prevention
    • Contact form protection
    • REST API endpoint protection
Integration with WordPress Features
  • WooCommerce: Protects checkout and account pages
  • Contact Forms: Compatible with Contact Form 7, Gravity Forms, WPForms
  • Membership Plugins: Protects registration and login forms
  • Caching Plugins: Works with WP Rocket, W3 Total Cache, WP Super Cache
Note: No security solution, including Boteraser, can guarantee 100% protection as threats are always changing. Boteraser uses advanced threat intelligence from high-quality sources and is designed to minimize false positives, focusing on blocking harmful bots while keeping your website accessible. Our system adapts quickly to new risks and provides thoughtful, layered protection that prioritizes legitimate user access, so you can maintain security without sacrificing usability.
WordPress Dashboard Reports

Access comprehensive security reports directly in your WordPress admin:

  • Dashboard Widget: Quick overview of recent threats and blocks
  • Security Log: Detailed activity log
  • Analytics Page: Charts showing threat
  • Monitoring: Live view of current protection status
Report Categories
  • IP Addresses: The IP address involved in the event
  • Expires: When the block or action expires
  • Time Remaining: How long until expiration
  • Actions: Available actions (eg., unblock)
Immediate Solutions
  1. Check Whitelist: Add the user’s IP to the whitelist
  2. Adjust Sensitivity: Lower the bot detection sensitivity
  3. Review Logs: Check why the user was blocked
Common False Positive Scenarios
  • VPN Users: Add VPN IP ranges to whitelist or reduce VPN blocking
  • Mobile Users: Adjust mobile user-agent detection rules
  • Corporate Networks: Whitelist corporate IP ranges
  • Search Engine Bots: Ensure legitimate crawlers are whitelisted
Emergency Bypass

If you’re locked out of your site:

  1. Access your site via FTP or hosting control panel
  2. Navigate to /wp-content/plugins/boteraser/includes/
  3. Open file named blocked-ips.php and remove your IP address
  4. This will disable blocking of your IP
Critical: WordPress Cron Scheduling

⚠️ IMPORTANT: The WordPress plugin relies on WordPress cron jobs to communicate with Boteraser servers. For optimal protection:

  • Frequency Requirement: WordPress cron must run every 5 minutes (12 times per hour)
  • Rate Limiting: If the plugin doesn’t communicate at this frequency, rate limiting will be invoked
  • Protection Impact: Irregular communication may cause protection delays or false positives
  • Server Configuration: Ensure your hosting provider supports proper WordPress cron execution

Solution: If WordPress cron is unreliable, consider setting up a server-level cron job to trigger wp-cron.php every 5 minutes, or switch to the script-based protection method.

Multisite Support Features
  • Centralized Management: Configure settings from the network admin
  • Per-site Customization: Allow individual sites to customize their settings
  • Unified Reporting: View security reports for the entire network
Configuration Options
  • Site-specific Rules: Different protection levels for different sites
  • API Key Usage: Use separate API key per site
Management Best Practices
  • Use network activation for consistent protection
  • Set up centralized monitoring
  • Configure different rules for high-traffic vs. low-traffic sites
  • Regular review of network-wide security reports
Performance Optimizations
  • Lightweight Code: Minimal resource consumption
  • Local Caching: Cache decisions to reduce API calls
  • Asynchronous Processing: Non-blocking threat analysis
  • Conditional Loading: Load only necessary components
Performance Metrics
  • Response Time Impact: Typically < 10ms additional latency
  • Memory Usage: < 2MB additional memory consumption
  • Database Queries: Minimal additional queries (typically 1-2 per request)
  • Cache Compatibility: Works seamlessly with page caching
High-Traffic Optimization
  • Edge Caching: Cache decisions at CDN level
  • Rate Limiting: Built-in protection against API overuse
  • Local Decision Making: Reduce dependency on external API calls
  • Batch Processing: Process multiple requests efficiently
Performance Monitoring
  • Built-in performance metrics in the admin dashboard
  • Integration with WordPress performance monitoring tools
  • Detailed timing logs for troubleshooting
  • Automated alerts for performance degradation
Common Issues and Solutions
Plugin Not Activating
  • Check PHP version compatibility (7.4+ required)
  • Verify WordPress version (5.0+ required)
  • Check for plugin conflicts (deactivate other security plugins temporarily)
  • Ensure proper file permissions (644 for files, 755 for directories)
API Connection Issues
  • Verify API key is correct and active
  • Check firewall settings (allow outbound connections to Boteraser servers)
  • Test DNS resolution of Boteraser domains
  • Check for proxy or CDN interference
Site Performance Issues
  • Reduce bot detection sensitivity
  • Enable local caching options
  • Check for plugin conflicts with caching plugins
  • Review and optimize database queries
False Positive Blocks
  • Review security logs for block reasons
  • Add legitimate IPs to whitelist
  • Adjust country filtering settings
  • Fine-tune user-agent detection rules
Diagnostic Tools
  • System Status Page: Check plugin health and configuration
  • Debug Mode: Enable detailed logging for troubleshooting
  • Connection Tester: Verify API connectivity
  • Conflict Detector: Identify problematic plugins or themes
Log File Locations
  • Plugin Logs: /wp-content/uploads/boteraser/logs/
  • WordPress Debug Log: /wp-content/debug.log
  • Server Error Logs: Check your hosting control panel
  • Admin Dashboard: View logs directly in WordPress admin
Getting Support
  • Use the built-in support ticket system in the plugin
  • Include system information and error logs
  • Provide steps to reproduce the issue
  • Check the plugin documentation and knowledge base first
Automatic Updates
  • WordPress Updates: Receive updates through WordPress admin
  • Security Patches: Critical updates applied automatically
  • Feature Updates: Optional updates with new functionality
  • Configuration Preservation: Settings maintained across updates
Manual Update Process
  1. Backup your website and database
  2. Download the latest version
  3. Deactivate the current plugin
  4. Upload the new version (overwrite existing files)
  5. Reactivate the plugin and verify settings
Update Best Practices
  • Test Environment: Test updates on staging site first
  • Maintenance Window: Schedule updates during low-traffic periods
  • Monitor Performance: Check site performance after updates
  • Review Logs: Check for any update-related issues
Maintenance Tasks
  • Regular Backups: Backup plugin settings and configuration
  • Log Rotation: Automatic cleanup of old security logs
  • Performance Monitoring: Regular performance checks
  • Security Reviews: Periodic review of protection effectiveness
Version Compatibility
  • WordPress Compatibility: Support for latest WordPress versions
  • PHP Compatibility: Regular testing with new PHP versions
  • Plugin Compatibility: Testing with popular WordPress plugins
  • Theme Compatibility: Works with any properly coded WordPress theme
Rollback Procedures

If you experience issues after an update:

  1. Restore from backup if necessary
  2. Contact support for rollback assistance
  3. Use the previous stable version temporarily
  4. Report issues to help improve future updates
Compatible Security Plugins
  • Wordfence: Can work alongside for complementary protection
  • Sucuri Security: Compatible with their malware scanning
  • iThemes Security: Works with their file monitoring
  • All In One WP Security: Compatible with their login protection
Potential Conflicts
  • Firewall Overlap: Disable redundant firewall features
  • Bot Detection: May need to coordinate detection rules
  • Rate Limiting: Avoid double rate limiting
  • IP Blocking: Ensure consistent whitelist/blacklist rules
Recommended Configurations
  • Primary Bot Protection: Use Boteraser as main bot detection
  • Malware Scanning: Keep separate malware scanners active
  • Login Security: Combine with 2-Step Authentication and login attempt limiting
  • File Monitoring: Use other plugins for file integrity checking
CDN and Hosting Integration
  • Cloudflare: Works seamlessly with Cloudflare protection
  • MaxCDN/StackPath: Compatible with edge security features
  • WP Engine: Integrates with their security stack
  • SiteGround: Works with their server-level security
Setup Guidelines
  1. Install Boteraser first to establish baseline protection
  2. Add complementary security plugins one at a time
  3. Test functionality after each addition
  4. Configure plugins to avoid conflicting rules
  5. Monitor performance and adjust as needed

Boteraser attempts to display the server’s uptime for monitoring purposes. However, if you don’t see it, your hosting environment may be restricting access to system-level information. This is common on shared hosting, where such data is hidden for security reasons. On VPS or dedicated servers, uptime is typically available and visible.

5. Shield: How It Works

Our shield provides comprehensive protection through multiple advanced security layers:

  • Malicious Bot Detection:
    • Advanced pattern recognition for bot identification
    • Behavioral analysis of traffic patterns
    • Rate limiting for aggressive crawlers
    • Protection against content scraping
  • IP Reputation System:
    • IP threat assessment
    • Multi-layer IP verification
    • Geolocation-based filtering
    • Known malicious network blocking
  • Advanced Security Features:
    • DDoS attack mitigation
    • Botnet protection
    • Automated threat response
    • Custom rule implementation

While other services may use similar protection methods, our system aggregates data from a significantly wider range of sources, providing more comprehensive coverage against emerging threats.

Creating a New Shield:

  1. Log into your Boteraser account dashboard
  2. Navigate to Shield → New Shield in the menu
  3. Enter your website domain (e.g., example.com)
  4. Select your protection type (Standard or PRO)
    Important: You must align your Shield Type with your intended Subscription Plan (e.g., Standard Shield requires Standard Plan, PRO Shield requires PRO Plan). You cannot mix types.
  5. Configure initial settings:
    • Geographic restrictions (if needed)
    • Bot filtering sensitivity
    • Custom IP whitelist/blacklist
    • Automatic filtering options (recommended to enable all):
      • AI Bots filtering with sensitivity levels
      • Bad Bot filtering
      • Malicious IP address filtering
  6. Click Create Shield & generate your API key after that
  7. Copy the API key and install the client on your server

After Creation:

  • Your Shield will appear in the Shield List
  • Protection begins as soon as the client script runs – blocking of malicious traffic is enabled immediately
  • Monitor the dashboard for incoming threats and statistics

Accessing Your Shields:

  1. Go to Shield → Shield List in your dashboard
  2. View all your protected websites and their status
  3. Click on any Shield to view its configuration details

Shield View Options:

  • View Configuration: See all settings configured during Shield creation (protection type, geographic filters, bot sensitivity, etc.)
  • View Statistics: Monitor blocked threats, traffic patterns, and protection effectiveness
  • View Logs: Access detailed logs of all security events

Important: Once a Shield is created, its configuration cannot be modified. If you need different settings, you must delete the current Shield and create a new one with the desired configuration. After creating a new Shield, update the API key in your client program (e.g., Boteraser WP plugin, be-client or be-client-pro script) to use the new Shield for that site.

Shield Actions:

  • Delete Shield: If the current Shield configuration doesn’t meet your needs, you can delete it and create a new one with different settings

Note: Any changes (new Shield association via API key update) take effect within 5 minutes (on the next client sync cycle).

Yes, you can protect multiple websites! Each website requires its own subscription and API key.

How It Works:

  • One Shield as Template: A single Shield can be used as a configuration template for protecting multiple websites. Multiple API keys can reference the same Shield configuration.
  • Subscription is tied to API Key: Each API key requires its own active subscription (Monthly or Annual). The subscription is associated with the API key, not the Shield itself.
  • Unique API Keys: Each website gets its own API key that cannot be shared between websites
  • Centralized Management: All your Shields and API keys are managed from one account dashboard

Adding Protection for Additional Websites:

  1. Create a new API key for the additional website (or reuse an existing Shield configuration)
  2. Purchase a subscription for the new API key
  3. Install the client with the new API key on the corresponding server

Important Rules:

  • ⚠️ Never share API keys between websites – this will result in a ban
  • ⚠️ Each API key is locked to one domain for security purposes
  • ⚠️ Subdomains (blog.example.com, shop.example.com) may require separate API keys depending on your server configuration

Benefits of Using Different Shields for Different Sites:

  • Independent configuration for each website (different geo-restrictions, bot sensitivity, etc.)
  • Separate statistics and logs per site
  • Customized protection rules based on each site’s specific needs
  • No cross-contamination if one site is under heavy attack

Note: While you can use the same Shield for multiple sites (via different API keys), creating separate Shields allows for more tailored protection per website.

6. Updates & Maintenance

Our update system works on multiple levels:

  • Protection Updates:
    • Malicious IP list frequently refreshed with up-to-date entries
    • Bot signatures updated using data from multiple trusted security sources
    • Threat intelligence feeds continuously aggregated and analyzed
  • System Maintenance:
    • Core system updates monthly or as needed
    • Security patches applied immediately when available
    • Infrastructure optimization weekly
  • Data Sources:
    • Global IP reputation databases
    • Known malicious bot networks
    • Collaborative security intelligence networks

Note: While updates are automatic, your client script (be-client.sh or be-client-pro.sh) must run every 5 minutes to receive the latest protection rules.

7. Pricing & Subscriptions

New users can enjoy a 7-day free trial with no credit card required — simply sign up and start testing all features immediately. After the trial, we offer four flexible payment plans to meet different security needs:

Standard Plans (Web Protection):

  • Standard Monthly: $20/month – Helps protect websites and web applications
  • Standard Annual: $149/year – Save $91/year (38%) compared to monthly

PRO Plans (Multi-Service Protection):

  • PRO Monthly: $40/month – Network-level protection for multiple server services
  • PRO Annual: $349/year – Save $131/year (27%) compared to monthly

Key Differences:

  • Standard: Analyzes web server logs, protects HTTP/HTTPS traffic only
  • Standard: Server load & uptime stats are available when using the standalone script; when using the WordPress plugin, availability depends on the hosting environment
  • PRO: Analyzes live network traffic, provides protection for multiple services (SSH, FTP, MySQL, email, DNS, etc.)
  • PRO: Includes server load & uptime stats, faster support (6-12h PRO vs 24-48h STANDARD)

All plans include IP reputation checking, bot detection, real-time monitoring, and detailed analytics.

Standard Plans (Monthly $20/mo & Annual $149/yr):

  • Protection Type: Website/Application only (HTTP/HTTPS)
  • Analysis Method: Web server log analysis
  • Bot Detection: ✅ Identifies bot names and patterns
  • IP Reputation Checking: ✅ Real-time threat intelligence
  • Real-time Analytics Dashboard: ✅ Traffic monitoring
  • Detailed Attack Reports: ✅ Comprehensive logs
  • Server Uptime Stats: ⚠️ Depends on hosting provider
  • Support Response: 48h (Monthly) / 24h (Annual)

PRO Plans (Monthly $40/mo & Annual $349/yr):

  • Protection Type: Full server – multiple services (SSH, FTP, MySQL, email, DNS, etc.)
  • Analysis Method: Live network traffic via tcpdump
  • Network-level Blocking: ✅ ipset + iptables
  • Bot Detection: ✅ Advanced traffic analysis
  • IP Reputation Checking: ✅ Real-time threat intelligence
  • Real-time Analytics Dashboard: ✅ Comprehensive monitoring
  • Detailed Attack Reports: ✅ Network-wide logs
  • Server Load & Uptime Stats: ✅ Continuously available during active monitoring
  • IPv4 & IPv6 Support: ✅ Dual-stack traffic monitoring & filtering
  • Priority Support: ✅ Dedicated channel
  • Support Response: 12h (Monthly) / 6h (Annual)

Key Difference: Standard focuses on web traffic only, while PRO extends protection to server-level network traffic across multiple services and protocols.

We accept the following payment methods:

  • Paddle.com: Our primary payment processor for all transactions
  • Payment methods: Through Paddle’s secure gateway, we accept:
    • Visa
    • MasterCard
    • American Express
    • Paypal
    • Google Pay
    • Apple Pay

Note: Other payment methods may be available through Paddle.com, but the above options are recommended for the best experience. Supported payment types can change over time depending on Paddle’s platform and our configuration. You don’t need a Paddle account to pay with any of the above methods. All transactions are processed through Paddle’s secure payment gateway.

To change your plan:

  1. Go to Pricing in your account menu
  2. View the available plans in the comparison table
  3. Click “Choose plan” under your desired option
  4. Follow the payment process to complete the upgrade

Note: If you upgrade from the Monthly to the Annual plan, the system automatically calculates the remaining value of your current subscription and deducts it from the annual price. You simply select the Annual plan in your dashboard and follow the upgrade steps—no manual cancellation or external payment actions are needed. All payments and subscriptions are securely managed via Paddle.com.

8. Subscription Status Issues

This message means that your trial access to Boteraser services has ended. To continue using the service, you will need to subscribe to one of our paid plans. Please visit the Billing page to choose a suitable plan and complete your subscription.

These messages indicate an issue with your account’s subscription status:

  • API key is suspended!: This usually means there’s an issue with your payment or your subscription has been temporarily halted. Please check your subscription status on the Subscriptions page and ensure your payment details are up to date on the Billing page.
  • API key is cancelled!: This means your subscription has been cancelled. If you wish to continue using Boteraser, you will need to start a new subscription from the Billing page.

If you believe this is an error, please contact our support team.

9. API Key & Access Issues

This error message, which may appear in the output of be-client.sh or be-client-pro.sh, in server logs, or when using the WordPress plugin, indicates that the API key provided in your configuration file (be.conf or be-pro.conf) or plugin settings is incorrect or not recognized by the Boteraser server. To resolve this:

  1. Verify that the API_KEY in your be.conf or be-pro.conf file (if you are using the script) or in the plugin settings (if using WordPress) exactly matches the API key shown on your API page.
  2. Ensure there are no extra spaces or characters in the API key within the configuration file, or in the WordPress plugin settings if you are using the plugin.
  3. If you recently regenerated your API key, make sure you’ve updated it in your configuration file (be.conf or be-pro.conf) or in the WordPress plugin settings (for WordPress sites).

API bans usually occur due to:

  • Running client scripts (be-client.sh or be-client-pro.sh) more frequently than every 5 minutes
  • Incorrect crontab configuration
  • Using the same API key on multiple websites/domains

Solution: Verify your crontab settings using crontab -l and ensure the script runs only every 5 minutes.

An API key can only be created if your Subscription and Shield belong to the same group—meaning a PRO Subscription must be matched with a PRO Shield, and a Standard Subscription with a Standard Shield.

10. Troubleshooting & Support

Check these common issues:

  • Invalid API KEY in your configuration file (be.conf or be-pro.conf)
  • Wrong LOG_PATH configuration

Solution: Verify all settings in your configuration file (be.conf or be-pro.conf) match your server configuration.

While our system is designed to be accurate, false positives can occasionally occur. If a legitimate user is blocked, you can:

  • Add their IP address to the Whitelist for the relevant Shield.
  • If the issue persists or is widespread, contact our support for assistance.

You can view detailed logs of blocked IPs and other security events within your Boteraser user panel by navigating to the Logs page. This page provides insights into the threats your website is facing and how Boteraser is mitigating them.

11. Data Security & Privacy

Your data security is our top priority. We implement multiple layers of protection:

  • End-to-end encryption for all data transmission
  • Regular security audits and penetration testing
  • 24/7 infrastructure monitoring
  • Regular backup procedures

We collect and store:

  • Account information
  • Shield configuration settings
  • Traffic analytics and threat detection logs
  • Payment information (processed securely via PayPal)

We never store or process sensitive user data from your protected websites.

We maintain strict compliance with global privacy standards:

  • GDPR compliance for EU data protection
  • CCPA compliance for California residents
  • Regular privacy impact assessments
  • Data minimization principles
  • Transparent data processing practices

Our privacy policy details how we handle your data, available rights, and contact information for our Data Protection Officer.

12. Legal Information

Key Terms and Liability Disclaimers:

  • Service Disclaimer:
    • The service is provided “as is” without any warranties, express or implied
    • We do not guarantee 100% protection against all threats
    • Service availability may vary and occasional downtime may occur
  • Limitation of Liability:
    • We are not liable for any direct, indirect, incidental, or consequential damages
    • No responsibility for data loss, business interruption, or financial losses
    • Not liable for any security breaches or unauthorized access
  • User Responsibilities:
    • Users remain responsible for their website’s overall security
    • Regular backups and security measures must be maintained
    • Compliance with local laws and regulations remains user’s responsibility
  • Legal Jurisdiction:
    • Any disputes will be resolved under the laws of your jurisdiction
    • We do not accept responsibility for legal issues arising from service use
    • Users must ensure their use complies with local regulations

Important: By using our service, you acknowledge and accept these terms. We explicitly disclaim all warranties and liabilities. Users assume all risks associated with using our service.

We are committed to protecting your privacy and personal information. Our Privacy Policy explains how we collect, use, disclose, and safeguard your information.

Information We Collect:

  • Personal Information: Name, email address, billing information
  • Website Data: Domain names, IP addresses, traffic patterns
  • Technical Data: Browser type, operating system, device information
  • Usage Data: How you interact with our services

Your Rights:

  • Access your personal information
  • Request data correction or deletion
  • Opt-out of marketing communications
  • Export your data

For privacy-related questions, contact us at: [email protected]

For full details, see our Privacy Policy page.

All payments can be refunded within 14 days of purchase. No exceptions.

All purchases and subscriptions for Boteraser are processed securely through Paddle.com, which acts as the Merchant of Record. Paddle handles billing, invoicing, taxes, and refund processing on our behalf.

How to Request a Refund:

Please include your order number, email used during purchase, and reason for the refund request.

For full details, see our Refund Policy page.

You can find our Terms of ServicePrivacy Policy, and Refund Policy linked in the footer of our website and within your user panel.

13. Account & Profile Management

Password Change Process:

  1. Log into your Boteraser account
  2. Navigate to your Profile Settings
  3. Enter your new password (must meet security requirements)
  4. Click “Save Changes”

Password Requirements:

  • Minimum 8 characters in length
  • Must contain at least one uppercase letter
  • Must contain at least one lowercase letter
  • Must contain at least one number
  • Must contain at least one special character
  • Cannot be the same as your previous 5 passwords

Note: You will need to use your new password the next time you log in.

Updating Your Profile:

  1. Access your account dashboard
  2. Go to “Profile Settings” or “Account Information”
  3. Edit the fields you want to update:
    • Name
    • Company
    • VAT Number
    • Country
    • Address
  4. Click “Save Changes” to update your profile

Note: Your email address is read-only and cannot be changed.

Setting Up 2-Step Authentication:

  1. Navigate to Security Settings in your account
  2. Find the “2-Step Authentication” section
  3. Click “Enable 2-Step Authentication”
  4. Test the 2-Step Authentication setup by logging out and back in

Note: We strongly recommend enabling 2-Step Authentication for enhanced account security.

Accessing Activity Logs:

To view your account activity, simply go to the “Logs” page in your Boteraser dashboard. There, you’ll find a detailed table showing all key actions related to your account.

Log Entry Format:

Each log entry includes the following columns

  • Date – The exact date and time the event occurred
  • User – Your username and display name
  • Category – Type of activity:
  1.  AUTH – Login and authentication events
  2.  SECURITY – Security-related actions and warnings   
  3.  BILLING – Subscription and payment activity
  4. SYSTEM – System messages and internal events
  • Action – A description of what happened
  • IP Address – The IP address from which the event originated

Tips for Reviewing Logs:

  •  Look for unusual IPs or unexpected login locations
  • Monitor login activity, including failed login attempts
  • Track billing and system changes for full transparency
  • Use filters (by date or category) to narrow results

If you spot anything suspicious, we recommend:

  1. Changing your password immediately
  2. Enabling Two-Factor Authentication (2FA)
  3. Logging out from all other sessions
  4. Contact our support team for assistance

Accessing Activity Logs:

  1. Click on your profile avatar in the top right corner
  2. Select “Logs” from the dropdown menu
  3. Or navigate directly to the Logs page

Available Information:

The logs table provides a detailed history of your account activity, including:

  • Date: Exact timestamp of the event
  • User: The user account that performed the action
  • Category: Type of event (Billing, Security, System, Auth)
  • Action: Description of the specific activity
  • IP Address: The IP address from where the action originated

Filtering Options:

  • Filter by Category (Billing, Security, System, Auth)
  • Filter by Date Range (Start Date and End Date)
  • Adjust the number of records displayed per page

What to Look For:

  • Suspicious Locations: Logins from unexpected geographic locations
  • Unknown Devices: Access from devices you don’t recognize
  • Failed Attempts: Multiple failed login attempts may indicate attack attempts
  • Unusual Times: Account access at times when you weren’t using it

If You Notice Suspicious Activity:

  • Change your password immediately
  • Enable 2SA if not already active
  • Log out all other sessions
  • Contact our support team

All times shown in the dashboard interface regarding our servers are set to display information in UTC (Coordinated Universal Time). This setting cannot be changed.

Get Protected Today

Secure your website from bots and attacks with BotEraser.
7-Days Free Trial