The major web security vulnerability is the first entrance, the login.
Despite this, CMS providers offer a poor login system and leave it to the end-users to protect their website against bots. This means that hundreds of millions of end-users are supposed to be skilled enough to do this, whereas they had chosen for a CMS because of their lack of skill.
If the most popular CMS providers (Wordpress, Joomla, Drupal, Magento) would spend one hour in including XS4HumansOnly in their -PHP based- package, the web world would be protected against password guessing bots in one blow
The communication between Server and Bot is a code-to-code connection.
If a bot does not encounter a FORM tag after his GET-request, he does not send a POST-request
The quintessence of XS4HumansOnly is: