Blackhole is a simple protection method that uses Robots.txt file, and adding new disallowed fake directory, and monitors that directory for any attempts to access it. Since the directory is listed in robots file only, and not linked anywhere, it should not be accessed by normal users, only bots that read robots file in the first place.

Plugin can automatically add new entry into Robots.txt file, only if your website uses WordPress powered virtual file. If you have real robots.txt file in your website installation root, you will need to manually add the new directive.

Blackhole Settings

If you are using virtual robots file (and most WordPress websites do), coreSecurity Pro will attempt to add required directive. And, you need to have the unique and fake name for the directory name to be used in the robots directive. By default, plugin will use random latin phrase, but you can set it to anything else.

Settings for Blackhole

Keep in mind:

  • Directory name has to be non-existent directory on server, and there must not be a page with the same slug in WordPress!
  • Make sure not to link to this URL anywhere on your website, it has to be in Robots file only.

If the robot/bot attempts to access the disallowed directory, plugin will intercept that request. When that happens, plugin can check the user agent and skip banning the IP if the uer agent is on the allowed user agents list. This is done because, while Google and other search engines and social networks usually obey the robots file directives, it can happen that they stumble into the blackhole. Finally, you can choose the action on capture: show message or just return 401 response code.

Important to know

There are few things that are very important to understand before using the Blackhole:

  • Bad bots can fake the user agent, and they can use valid user agent as their own.
  • Even good bots can stumble into the blackhole, and not every good bot obeys the robots.txt directives.


But, in some cases, that is not possible due to the other plugins hooking into the robots generator code, and in that case, there is no clear solution, it would most likely require changes in the conflicting plugin.

Rate this article

You are not allowed to rate this post.

Leave a Comment