First stable release. AI referrer tracking via utm_source (ChatGPT, Claude, Gemini, Perplexity, Copilot). AI feed options now enabled by default. Feed limit increased to 100 posts.<\/p>","0.1.3":"
Yoast SEO compatibility, visual analytics dashboard (now the default tab), and configurable AI endpoints. See which AI bots are crawling your site. Use the "Use Yoast llms.txt" toggle if you want Yoast to manage llms.txt. Configure which post types appear in your AI endpoints.<\/p>","0.1.2":"
New AI-ready endpoints: llms.txt, JSON feed, and per-post markdown. Makes your content discoverable by AI systems without any external dependencies.<\/p>","0.1.1":"
Important security and correctness fixes. Human visitors now correctly bypass gating. Whitelist-only mode now properly denies non-whitelisted agents.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3442835,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3442835,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3442835,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3442835,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["0.1.0","1.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Analytics tab - Visual dashboard showing bot traffic, charts, stats cards, and decision breakdown","2":"AI Endpoints tab - Enable llms.txt, JSON feed, and markdown with copyable URLs","3":"Configuration tab - Configure verifier URL, default policy, and access controls","4":"Per-post policy override in the post editor"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2353,4866,9837,244604,600],"plugin_category":[54],"plugin_contributors":[254294],"plugin_business_model":[],"class_list":["post-273679","plugin","type-plugin","status-publish","hentry","plugin_tags-ai","plugin_tags-bots","plugin_tags-crawler","plugin_tags-llms-txt","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-hammadtq","plugin_committers-hammadtq"],"banners":{"banner":"https:\/\/ps.w.org\/openbotauth\/assets\/banner-772x250.png?rev=3442835","banner_2x":"https:\/\/ps.w.org\/openbotauth\/assets\/banner-1544x500.png?rev=3442835","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/openbotauth\/assets\/icon-128x128.png?rev=3442835","icon_2x":"https:\/\/ps.w.org\/openbotauth\/assets\/icon-256x256.png?rev=3442835","generated":false},"screenshots":[],"raw_content":"\n
OpenBotAuth<\/strong> helps publishers control automated access from AI crawlers and agents. It verifies requests using RFC 9421 HTTP Message Signatures (via a configurable verifier) and applies per-site or per-post policies like allow, deny, teaser previews, and 402 payment-required responses. It also publishes AI-friendly endpoints like llms.txt, a JSON feed, and per-post Markdown.<\/p>\n\n Instead of blocking all bots or allowing unrestricted access, you can:<\/p>\n\n OpenBotAuth provides machine-readable endpoints for AI systems:<\/p>\n\n Configure which post types to include (posts, pages, or custom types) and set the feed limit (up to 500 items). All data is served locally from your WordPress database. No external tracking or telemetry. Only published, non-password-protected posts are exposed.<\/p>\n\n This plugin connects to an external verifier service.<\/strong> When a signed bot request is received, the plugin sends the following data to your configured verifier URL via Privacy protection:<\/strong> Sensitive headers (cookies, authorization, proxy-authorization, www-authenticate) are NEVER forwarded, even if present in the request. If a bot's signature covers a sensitive header, verification will fail with a clear error.<\/p>\n\n No WordPress user accounts or personal data is transmitted.<\/strong> Only the headers explicitly covered by the bot's signature are forwarded to enable cryptographic verification. Note that the URL may include query parameters depending on your site's structure.<\/p>\n\n You can:\n* Use the hosted verifier at Analytics are local-only.<\/strong> Decision counts (allow\/teaser\/deny\/pay\/rate_limit) and bot traffic observations (User-Agent based) are stored in your WordPress database. No analytics data is sent to external servers.<\/p>\n\n For more information, please review our Terms of Service<\/a> and Privacy Policy<\/a>.<\/p>\n\n openbotauth_policy<\/strong>\nModify policy before applying:<\/p>\n\n openbotauth_verified<\/strong>\nTriggered when a bot is verified:<\/p>\n\n openbotauth_payment_required<\/strong>\nTriggered when 402 is returned:<\/p>\n\n openbotauth_should_serve_llms_txt<\/strong>\nDisable llms.txt endpoint (e.g., when using Yoast):<\/p>\n\n openbotauth_should_serve_feed<\/strong>\nDisable JSON feed endpoint:<\/p>\n\n openbotauth_should_serve_markdown<\/strong>\nDisable markdown endpoints:<\/p>\n\n openbotauth_feed_item<\/strong>\nModify feed items:<\/p>\n\n openbotauth_markdown_content<\/strong>\nPost-process markdown output:<\/p>\n\n No, you can enable the hosted verifier in Settings by checking \"Use hosted OpenBotAuth verifier\". For privacy requirements or custom configurations, you can self-host the verifier service. The plugin does not contact any external service until you explicitly configure it.<\/p><\/dd>\n No. The plugin only applies to requests that include RFC 9421 signature headers. Normal browser requests without signature headers see full content and bypass OpenBotAuth entirely.<\/p><\/dd>\n\n
Key Features<\/h4>\n\n
\n
AI-Ready Endpoints<\/h4>\n\n
\n
How It Works<\/h4>\n\n
\n
External Service Disclosure<\/h4>\n\n
wp_remote_post<\/code>:<\/p>\n\n\n
https:\/\/verifier.openbotauth.org\/verify<\/code>\n* Self-host the verifier service (see documentation)\n* The verifier service may log requests server-side depending on your configuration<\/p>\n\nDeveloper Hooks<\/h3>\n\n
Filters<\/h4>\n\n
add_filter('openbotauth_policy', function($policy, $post) {\n if ($post->post_type === 'premium') {\n $policy['price_cents'] = 1000;\n }\n return $policy;\n}, 10, 2);\n<\/code><\/pre>\n\nActions<\/h4>\n\n
add_action('openbotauth_verified', function($agent, $post) {\n error_log(\"Bot {$agent['jwks_url']} accessed post {$post->ID}\");\n}, 10, 2);\n<\/code><\/pre>\n\nadd_action('openbotauth_payment_required', function($agent, $post, $price) {\n \/\/ Track payment requests\n}, 10, 3);\n<\/code><\/pre>\n\nAI Endpoint Filters (v0.1.2+)<\/h4>\n\n
add_filter('openbotauth_should_serve_llms_txt', '__return_false');\n<\/code><\/pre>\n\nadd_filter('openbotauth_should_serve_feed', '__return_false');\n<\/code><\/pre>\n\nadd_filter('openbotauth_should_serve_markdown', '__return_false');\n<\/code><\/pre>\n\nadd_filter('openbotauth_feed_item', function($item, $post) {\n $item['custom_field'] = get_post_meta($post->ID, 'my_field', true);\n return $item;\n}, 10, 2);\n<\/code><\/pre>\n\nadd_filter('openbotauth_markdown_content', function($markdown, $post) {\n return $markdown . \"\\n\\n---\\nCopyright notice here\";\n}, 10, 2);\n<\/code><\/pre>\n\n\n\n
wordpress-openbotauth<\/code> folder to \/wp-content\/plugins\/<\/code><\/li>\n\n
http:\/\/localhost:8081\/verify<\/code> for local dev)<\/li>\n\n
Do I need to run my own verifier service?<\/h3><\/dt>\n
Will this block normal human visitors?<\/h3><\/dt>\n