From 89422d7560d27f6edc6567668847265e88285555 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 29 Nov 2025 10:19:44 +0000
Subject: [PATCH 1/2] Initial plan

From 15e19bb72d3f9d7d5eecc9c08d0ad8959a58b693 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 29 Nov 2025 10:25:13 +0000
Subject: [PATCH 2/2] Add svelte-kit-bot-block to block rogue bot traffic

Co-authored-by: maiertech <1482402+maiertech@users.noreply.github.com>
---
 package.json | 3 +++
 src/hooks.server.ts | 22 ++++++++++++++++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index ef2a9c17..38d23396 100644
--- a/package.json
+++ b/package.json
@@ -14,6 +14,9 @@
 "lint": "prettier --check . && eslint .",
 "format": "prettier --write ."
 },
+ "dependencies": {
+ "svelte-kit-bot-block": "^0.0.7"
+ },
 "devDependencies": {
 "@content-collections/core": "^0.12.0",
 "@content-collections/vite": "^0.2.7",
diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index ae282432..98669eb9 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
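Review bot: In the package.json hunk, `svelte-kit-bot-block` is added as a runtime dependency, but the diffstat lists only package.json and src/hooks.server.ts, so no lockfile change accompanies it. If this repository commits a lockfile, regenerate it and include it in the same change so the resolved tarball and its integrity hash are pinned and reviewable. The range `^0.0.7` already resolves to that single version, so the lockfile entry is the missing piece. Because this 0.0.x package will run in the server hook on every request, its source and publish history deserve a look before merge.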
@@ -1,7 +1,22 @@
+import { sequence } from '@sveltejs/kit/hooks';
+import { createHandler, defaultOptions } from 'svelte-kit-bot-block';
 import type { Handle } from '@sveltejs/kit';

-export const handle: Handle = async ({ event, resolve }) => {
- // Preload web fonts.
+// Block rogue bot traffic (WordPress scanners, vulnerability probing, etc.).
+// Requests matching pathname patterns return 404, all other blocks return 410.
+// Run with { log: true, block: false } first to test, then enable blocking.
+const botBlock = createHandler({
+ log: true,
+ block: true,
+ pathnames: [
+ ...defaultOptions.pathnames,
+ // Block additional WordPress-related paths not covered by defaults.
+ /\/wp-includes/
+ ]
+});
+
+// Preload web fonts.
+const preloadFonts: Handle = async ({ event, resolve }) => {
 const response = await resolve(event, {
 preload: ({ type, path }) => {
 if (type === 'font') {
@@ -12,3 +27,6 @@ export const handle: Handle = async ({ event, resolve }) => {
 });
 return response;
 };
+
+// Bot blocking should run first to reject bad requests early.
+export const handle = sequence(botBlock, preloadFonts);
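Review bot: The added pattern `/\/wp-includes/` in `pathnames` has no boundary after the segment name, so any path with a segment that merely starts with `wp-includes` matches (constructed example: `/notes/wp-includes-hardening`). Assuming the library tests these patterns against the request pathname, such a content URL would be answered with 404. Bounding the segment keeps the block on the directory itself: `/\/wp-includes(?:\/|$)/`. Separately, the comment advises a dry run with `{ log: true, block: false }`, yet the commit ships `block: true`; if that dry run has not happened on production traffic, the first deploy should use `block: false`. Since `log: true` records values chosen by the client, it is also worth confirming what the library writes and that the log sink handles control characters and volume.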
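Review bot: A point of style on the last added line: the exported `handle` previously carried an explicit `Handle` annotation and is now inferred from `sequence(...)`. Writing `export const handle: Handle = sequence(botBlock, preloadFonts);` keeps the hook's public type stated at the export, consistent with `preloadFonts: Handle` above it. The `preloadFonts` function that closes in this hunk begins in the previous one.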