Documentation
ScraperBlock
Rate Limiter

Rate Limiter

ScraperBlock's rate limiter tracks request counts per IP using WordPress transients.

How It Works

  1. On each request, ScraperBlock checks (or creates) a transient keyed by the visitor's IP hash.
  2. The transient stores the request count and a 60-second expiry.
  3. If the count exceeds Requests Per Minute, a 429 Too Many Requests response is returned.
  4. The block persists until the transient expires (60 seconds from first request in the window).

IP Detection

Rate limiting uses proxy-aware IP detection, checking headers in this order:

  1. HTTP_CF_CONNECTING_IP (Cloudflare)
  2. HTTP_X_FORWARDED_FOR (first IP)
  3. HTTP_X_REAL_IP
  4. REMOTE_ADDR
💡

If legitimate users are being rate-limited (e.g., on media-heavy pages with many parallel requests), increase the Requests Per Minute threshold or enable Exempt from Rate Limit on specific pages via the Per-Page Control.

Htaccess BlockingRequest Logging