DOCS

Install PHP-only protection before the page renders.

PHP-only install lets the server ask KillBot for a decision before the protected page is served. Use it when the server should decide whether to allow, redirect, or block the visit before content loads.

Start free trial View pricing

Server-side check Protected Pages Before render Landing pages Forms

On this page

Best for. How PHP-only works. What you configure first. Where to get the script. Good rollout behavior. Related docs.

When to use it

Best for.

PHP landing pages

Keep bot traffic filtering in front of server-rendered campaign or landing pages.

Lead forms

Protect form routes before low-quality traffic reaches the CRM.

Signup routes

Apply landing page bot protection to high-value conversion steps.

Sensitive pages

Keep risky visits away from routes that should never load for suspicious traffic.

Server-side redirect handling

Let the PHP route own the first allow, redirect, or block decision.

Flow

How PHP-only works.

Step 1

Visitor opens protected URL

The request reaches the Protected Page before the real page is rendered.

Step 2

PHP package sends request context to KillBot

The server passes route context so KillBot can evaluate the visit.

Step 3

KillBot evaluates policy and signals

IP intelligence, ASN, category, schedule, and local route rules are checked together.

Step 4

Server allows, redirects, or blocks based on decision

The page only renders when the route outcome says it should.

Checklist

What you configure first.

Create a Protected Page.
Set the page URL/path.
Choose protection mode.
Add safe redirect target.
Start broad risky categories in redirect mode.
Review Traffic Log.

Dashboard package

Where to get the script.

The PHP package is available inside the authenticated dashboard after signup. Public docs explain the model, while the dashboard provides the current account-specific package and route token/configuration.

Safer rollout

Good rollout behavior.

Start with redirect mode for broad risky categories. Move to block mode only after Traffic Log confirms the pattern.

Public docs explain the PHP bot protection script model, but the exact files and route token stay inside the dashboard after signup.

Get started

Use PHP-only when the server should decide first.

Create one Protected Page, install the PHP package from the dashboard, and verify the first live decisions.