Zero Budget Bot Shield

FAQ

Does this plugin block countries without using third-party APIs?

Yes. Zero Budget Bot Shield blocks countries without using any third-party IP lookup or geolocation API.

The plugin reads country codes directly from GeoIP headers already provided by your infrastructure, such as:

• Cloudflare IP country headers
• Hosting provider GeoIP headers
• Server-level GeoIP integrations

No external requests are made, and no visitor IP addresses are sent outside your website.

Does Zero Budget Bot Shield work with Cloudflare?

Yes. If your site is behind Cloudflare, the plugin automatically uses Cloudflare’s country header to detect visitor location.

There is no additional configuration required beyond having Cloudflare enabled on your domain.

Will this plugin work without Cloudflare?

Yes, provided your hosting environment supplies GeoIP country headers.

Many managed WordPress hosts and VPS setups already expose these headers at the server level. If no GeoIP headers are detected, the plugin will clearly notify you in the admin dashboard.

What happens if GeoIP headers are not available?

If GeoIP headers are not present, country-based blocking will not activate. However:

• 404 abuse protection will continue to function normally
• No errors or site breakage will occur
• The plugin will display a clear status notice in the admin panel

This ensures safe operation even on minimal hosting setups.

What is 404 abuse protection and how does it work?

404 abuse protection defends your site against bots that repeatedly request non-existent URLs.

Zero Budget Bot Shield monitors repeated 404 responses per IP and automatically blocks abusive requests when configurable thresholds are exceeded.

This helps reduce:

• Unnecessary server load
• Log pollution
• Bot-driven crawling and probing

Can I control the 404 block limits?

Yes. You can configure:

• Maximum allowed 404 requests
• Time window for detection

These settings allow you to tune protection based on your traffic patterns.

Is this plugin lightweight and low on resources?

Absolutely. Zero Budget Bot Shield is designed for minimal resource usage.

It does not:

• Load front-end scripts or styles
• Run background cron jobs
• Query external services
• Use heavy JavaScript frameworks

All logic executes only when relevant requests occur.

Does this plugin slow down my website?

No. When configured correctly, the plugin adds negligible overhead.

Because it relies on existing request headers and simple conditional logic, performance impact is minimal compared to API-based security plugins.

Does this plugin log visitor IP addresses?

No personal data is stored.

The plugin records aggregated block statistics by country and reason only. Individual IP addresses are not logged, stored, or exported.

This makes the plugin suitable for privacy-conscious sites.

Is Zero Budget Bot Shield GDPR-friendly?

Yes. Because no personal data is transmitted to third-party services and no IP addresses are stored, the plugin aligns well with privacy regulations such as GDPR.

Always consult your legal advisor for compliance requirements specific to your site.

Are any features locked behind a paywall?

No.

Zero Budget Bot Shield is completely free. All features are included, enabled, and usable without:

• Subscriptions
• Licenses
• Upgrade prompts
• Hidden limitations

Does this plugin require an API key?

No API keys are required. This plugin does not connect to external services and does not transmit visitor data off-site.

There are no accounts to create, no services to sign up for, and no usage quotas.

Can I export block statistics?

Yes. Blocked event statistics can be exported as a CSV file directly from the WordPress admin area for reporting or analysis.

Is this plugin safe to use on shared hosting?

Yes. The plugin is well-suited for shared hosting environments due to its low resource usage and absence of background processes.

Does this plugin follow WordPress.org coding standards?

Yes. Zero Budget Bot Shield:

• Uses WordPress Settings API
• Uses nonces and capability checks
• Avoids bundled third-party libraries
• Follows WordPress.org plugin review guidelines

Who is this plugin best suited for?

This plugin is ideal for:

• Small businesses
• Non-profits and community organizations
• Personal websites and blogs
• Developers who prefer self-contained tools
• Sites needing geo blocking without paid services

How do I enable GeoIP country detection on my server?

Zero Budget Bot Shield relies on GeoIP country headers provided by your web server or CDN. Many modern hosting providers already enable GeoIP by default, so no action is required in most cases.

If GeoIP headers are not detected, and your host supports Apache GeoIP or GeoIP2, you may be able to enable it by adding a simple directive to your .htaccess file.

GeoIPEnable On

After saving the file, refresh your WordPress admin page and revisit the plugin settings. If GeoIP headers are available, the plugin will automatically begin detecting visitor countries.

Important notes:

• Not all hosting environments support GeoIP via .htaccess
• Some managed hosts enable GeoIP globally and do not allow manual configuration
• If you are unsure, contact your hosting provider and ask whether GeoIP or GeoIP2 headers are enabled
• If you are using Cloudflare, GeoIP headers are enabled automatically on supported plans
• The plugin will clearly indicate in the admin area whether GeoIP headers are detected, so you always know if country-based blocking is active.