WP-Safety

EDH Bad Bots Security & Risk Analysis

wordpress.org/plugins/edh-bad-bots

A smart WordPress plugin that automatically blocks malicious bots and crawlers that ignore your site's robots.txt file.

20 active installs v1.4.3 PHP 7.4+ WP 6.2+ Updated Sep 6, 2025
botsdnshostnameptrsecurity
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is EDH Bad Bots Safe to Use in 2026?

Generally Safe

Score 100/100

EDH Bad Bots has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The 'edh-bad-bots' plugin exhibits a generally strong security posture with a clean vulnerability history. The extensive use of prepared statements for all SQL queries and the high percentage of properly escaped output are commendable practices. Nonce and capability checks are also present, indicating an awareness of WordPress security best practices. The absence of known CVEs and a history of unpatched vulnerabilities further bolster its security profile.

However, the taint analysis reveals two flows with unsanitized paths, flagged as high severity. While no critical taint flows or vulnerabilities have been recorded, these high-severity unsanitized paths represent a potential risk. It's crucial to investigate these specific flows to ensure they are handled appropriately and do not lead to exploitable vulnerabilities, especially in conjunction with the single external HTTP request.

In conclusion, 'edh-bad-bots' v1.4.3 is a securely developed plugin with good adherence to best practices. The primary area of concern lies in the two high-severity taint flows with unsanitized paths, which warrant further investigation to mitigate any potential risks. The plugin's excellent historical record suggests that these issues, if present, are likely manageable.

Key Concerns

  • High severity taint flow with unsanitized path
  • High severity taint flow with unsanitized path
Vulnerabilities
None known

EDH Bad Bots Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

EDH Bad Bots Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
34 prepared
Unescaped Output
2
68 escaped
Nonce Checks
6
Capability Checks
7
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared34 total queries

Output Escaping

97% escaped70 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
handle_save_options (includes\class-edhbb-admin.php:285)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

EDH Bad Bots Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 14
actionedhbb_update_hostnames_cronedh-bad-bots.php:55
actionplugins_loadededh-bad-bots.php:101
filterrobots_txtedh-bad-bots.php:145
actionwp_footeredh-bad-bots.php:183
actionadmin_menuincludes\class-edhbb-admin.php:26
actionadmin_enqueue_scriptsincludes\class-edhbb-admin.php:29
actionadmin_post_edhbb_add_whitelist_ipincludes\class-edhbb-admin.php:32
actionadmin_post_edhbb_remove_whitelist_ipincludes\class-edhbb-admin.php:33
actionadmin_post_edhbb_remove_blocked_botincludes\class-edhbb-admin.php:34
actionadmin_post_edhbb_save_optionsincludes\class-edhbb-admin.php:37
actionadmin_post_edhbb_update_hostnamesincludes\class-edhbb-admin.php:40
actionadmin_post_edhbb_force_refresh_all_hostnamesincludes\class-edhbb-admin.php:43
actioninitincludes\class-edhbb-blocker.php:28
actiontemplate_redirectincludes\class-edhbb-blocker.php:29

Scheduled Events 1

edhbb_update_hostnames_cron
Maintenance & Trust

EDH Bad Bots Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 6, 2025
PHP min version7.4
Downloads305

Community Trust

Rating100/100
Number of ratings1
Active installs20
Alternatives

EDH Bad Bots Alternatives

BBQ Firewall – Fast & Powerful Firewall Security

BBQ Firewall – Fast & Powerful Firewall Security

block-bad-queries

A
100

The fastest firewall plugin for WordPress. Protect against a wide range of threats with minimal performance impact.

100K No CVEs
Shield: Blocks Bots, Protects Users, and Prevents Security Breaches

Shield: Blocks Bots, Protects Users, and Prevents Security Breaches

wp-simple-firewall

B
83

Shield stops bot attacks before they hack your site. Bots CAN be stopped. Shield stops them.

40K 11 CVEs
Blackhole for Bad Bots

Blackhole for Bad Bots

blackhole-bad-bots

A
98

Blackhole is a WordPress security plugin that detects and traps bad bots in a virtual black hole, where they are denied access to your entire site.

30K 1 CVE
Banhammer – Monitor Site Traffic, Block Bad Users and Bots

Banhammer – Monitor Site Traffic, Block Bad Users and Bots

banhammer

A
99

Monitor traffic and ban unwanted visitors. Block any user or IP address so they can't access your site.

1K 1 CVE
CloudFilt Bot & Spam Protection

CloudFilt Bot & Spam Protection

cloudfilt-codes

A
100

Prevent and stop bots traffic. This plugin inserts in your website the CloudFilt codes for the security tracking available on https://cloudfilt.com/.

600 No CVEs
Developer Profile

EDH Bad Bots Developer Profile

EncodeDotHost

2 plugins · 20 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect EDH Bad Bots

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
<a href="" rel="nofollow" tabindex="-1">Sssshhh, secret bot trap!</a>
FAQ

Frequently Asked Questions about EDH Bad Bots