Skip to content
A PHP library that provides anti-scraping and online session control.
Branch: master
Clone or download
Latest commit 5b28660 Jun 19, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Add denyAll method. Jun 17, 2019
tests Ongoing - Memcache driver and MongoDB driver. Jun 10, 2019
.gitignore Add redisDriver Jun 7, 2019
.travis.yml Update travis.xml Jun 7, 2019
LICENSE Initial commit May 14, 2019 Merge pull request #2 from staabm/patch-1 Jun 18, 2019
composer.json Add Travis CI. May 22, 2019
phpunit.xml Update unit test. Jun 1, 2019


Build Status codecov PHP from Packagist License: MIT

Shieldon, a PHP library that provides anti-scraping and online session control for your web application. As if you are using a shield on your web applicaion to fight against bad-behavior bots, crawlers or vulnerability scanning and so on.


Use PHP Composer:

composer require terrylinooo/shieldon

Or, download it and include the Shieldon autoloader.

require 'Shieldon/src/autoload.php';

How to use

Here is a full example to let you know how Shieldon works.

$shieldon = new \Shieldon\Shieldon();

// Use SQLite as the data driver.
$dbLocation = APPPATH . 'cache/shieldon.sqlite3';
$pdoInstance = new \PDO('sqlite:' . $dbLocation);
$shieldon->setDriver(new \Shieldon\Driver\SqliteDriver($pdoInstance));

// Set components.
// This component will only allow popular search engine.
// Other bots will go into the checking process.
$shieldon->setComponent(new \Shieldon\Component\TrustedBot());

// You can ignore this setting if you only use one Shieldon on your web application. This is for multiple instances.

// Only allow 10 sessions to view current page.
// The default expire time is 300 seconds.

// Set a Captcha servie. For example: Google recaptcha.
$shieldon->setCaptcha(new \Shieldon\Captcha\Recaptcha([
    'key' => '6LfkOaUUAAAAAH-AlTz3hRQ25SK8kZKb2hDRSwz9',
    'secret' => '6LfkOaUUAAAAAJddZ6k-1j4hZC1rOqYZ9gLm0WQh',

// Start protecting your website!

$result = $shieldon->run();

if ($result !== $shieldon::RESPONSE_ALLOW) {
    if ($shieldon->captchaResponse()) {

        // Unban current session.
    // Output the result page with HTTP status code 200.


When the users or robots are trying to view many your web pages in a short period of time, they will temporarily get banned. Get unbanned by solving a Catpcha.

When an user has reached the online session limit. You can set the online session limit by using limitSession API.

When an user has been permanently banned.

Case Studies

I have made a WordPress plguin called WP Shieldon, it is based on Shieldon library. You can check out the source code to understand about how to implement Shieldon in your PHP project.




Shieldon library is brought to you by Terry L. from Taiwan.

You can’t perform that action at this time.