Are you also worried about the bots disturbing and slowing down the progress of your WordPress website? One of my blogging friends also was, but now he is not. Wonder how? I guided him about how to block bad bots in WordPress, and once he followed me, he got the results.

Bot is short for robot: a computer program designed to carry out tasks automatically. Once started, a bot performs its task without further human instruction. To be honest, a human cannot compete with a bot when both are working on the same task.

Almost half of the internet traffic is bots and not actual humans. These bots search web pages and perform other functions for which they are designed or programmed. However, sometimes WordPress website owners have a big headache with these bots.

Block Bad Bots in WordPress: Overview

Getting rid of the bots is necessary to get more traffic and increase your website’s ranking on the search engines. Though some of these bots are good and useful, bad bots can disrupt your website’s working or slow it down.

When it comes to blocking bad bots in WordPress, there are many methods. However, selecting a suitable approach is what determines your success.

This guide below on how to block bad bots in WordPress might help you. Here I have discussed all details of the bots, their uses, and how to get rid of them when not needed. Please give it a thorough reading to keep bad bots away.

Why Block WordPress Bad Bots?

Some people might wonder why it is necessary to block bad bots from your WordPress website. Some bots can be very harmful and prove fatal to your website. If the bot traffic to your website increases too much, it can cause severe problems to your website.

These are some problems that bad bots can cause to your website:

Steal Data

Some bots are programmed to download data from sites. These bots can also access the website’s data, such as clients’ or visitors’ info. Once they get access to it, they can leak the user credentials.

Spread Spam Content

As bots can have access to your website’s data, they can also make changes to the content on your website. They can put spam content instead of the original one. However, this only happens if the website’s security is not good enough to stop the bots.

Spam Comments

Bots can place spam comments in your website’s comment section, which might not be good. Spam comments may annoy your users and can be responsible for lowering your website’s reputation.

Server Overloading 

Too much bot traffic can lead to an increased load on your server, which reduces the website’s response speed. Users never like slow websites, even if the content is good.


Some advanced bots can carry out severe cyberattacks on your website if it is unsecured or its security is weak.

Due to these reasons, every website owner should manage bots coming to their website. However, blocking all the bots is also not in favor of your website. You only have to block the bad ones. So be careful!

How To Block Bad Bots In WordPress?

Now you know why it is necessary to block bad bots. But many of you might still ask how to stop bad bots in WordPress. After detailed research and some of my own experience, I have some of the best solutions for you.

Though WordPress also offers bot protection services, there are many other tools and websites that you can use to block bad bots. You may also use plugins such as bad bot blocker WordPress plugin, Wordfence plugin, etc.

Let’s look at every possible solution to block bad bots in WordPress.

1. Use Bot Protection in Cloudways

Besides offering hosting services, Cloudways also allows you to protect your site from unwanted bots. Just activate the bot protection feature of Cloudways and eliminate the bots.

Why Use Cloudways Bot?

Cloudways bot protection feature blocks bots and allows you to monitor the bot traffic to your site. We know all bots are not bad, so we must allow good bots to access our site.

Cloudways bot protection allows you to whitelist the good bots that might not harm your site. Some other features of Cloudways bot protection are as follows.

1. Protection Against DoS Attacks

The DoS or Denial of Service attacks are so harmful that they can paralyze your website, stopping legitimate users from accessing it. Simply put, DoS is a huge number of requests that flood your website resulting in server overloading.

To get rid of it, the bot protection provides you with complete information on the traffic to your website, including their IP addresses. Immediately block them once you feel a sudden rise in traffic from unknown sources. It will prevent your site from crashing.

2. Protection Against Brute Force Attacks

Brute force attacks are suspicious login attempts to your website that can result in the hacking of your website. However, you also need to check your website regularly to catch the brute force attacks and get rid of them.

The bot protection monitors all the login attempts and traffic to your website and stores data like the IP address and username. It places successively failed login attempts in a separate category so you can see if they are bots or real users.

How To Enable Bot Protection In Cloudways?

Go to Applications > Select your App > Bot Protection


Click Bot Protection > Toggle on Active to enable bot protection


Now, you can see the bad bots from the traffic and be able to block them & whitelist the legitimate ones.

Cloudways bot protection also includes a useful feature named All Login Attempts, which displays the recent logins, so that you will feel more secure.

Likewise, the Traffic From Bad Bots section filters all your bad bot traffic. You may check the blocked traffic and whitelist the genuine ones.


Note – If you installed the Malcare plugin before moving your site to Cloudways and want to enable the bot protection, deactivate the plugin.

If you are using any other hosting service, I would highly recommend Cloudways managed hosting to boost the performance of your business site.

2. Use Cloudflare Bot Fight Mode

Next comes Cloudflare Bot Fight Mode, which helps eliminate the bots you think are harmful to you. You need to observe the bot traffic coming to your website and pick out the suspicious ones among them. Then, you can block them by using the Cloudflare firewall.

Cloudflare has two plans for providing bot protection services. One is Bot Fight Mode, and the other, which is a bit more advanced, is Super Bot Fight Mode. However, both methods require creating a rule to block bots, and here is how you do it.

  • After logging into Cloudflare, go to the firewall tab.
  • Click on firewall rules, and you will see the rules that you have previously created.
  • Click on the create rule button to create a new rule for new bots.
  • Give your rule a name; you can set any name.
  • Now, you have to enter the field, operator, and the name of the bot you want to block.
  • You can block multiple bots in a single rule by using the “or” feature.
  • It would be better if you wrote an expression for it.
  • Now, select the option as block and then deploy. 

And this is how you do it. You can now see the bots blocked by Cloudflare.

3. Limit Login Attempts

To be honest, your website is always at risk as today’s hackers know several ways to creep through your website’s defense system. However, you can create a strong password to keep hackers and bad bots away.

Limiting login attempts is also a way to eliminate the bots and keep unwanted or unrecognized visitors away. Limiting login attempts to your website can be pretty simple with the “Limit Login Attempts Reloaded” plugin.

Install Limit Login Attempts Reloaded

The first step is to install and activate the Limit Login Attempts Reloaded. This plugin is free to download and easy to use. It limits all the login attempts on your website and is, therefore, the best free option.

Customize Your Plugin

Now comes how and why to customize the plugin. Though the recommended settings are applied by default, you can customize them to your liking once the plugin is installed.

Go to the plugin’s settings, and there you can do customizations of your choice. You may select whether you want to be notified by mail when someone gets blocked.

You may also select the number of failed login attempts allowed for one user. After that number of failed login attempts, the user is blocked from trying again for some time.

You can also customize how long the user stays blocked after several failed attempts.

4. Start Using Wordfence Plugin

Blocking bots with the Wordfence plugin is a more advanced method and requires some expertise to configure. It has multiple options that allow you to block bots in several ways.

However, there is a risk that it might slow your website’s response time. Also, you may block legitimate bots or users from your site. So, here is how you should configure your Wordfence plugin not to block legitimate users.

Block Bots By Name

It works just like the rule you created in Cloudflare bot protection. You must create a rule with the hostname of the bot you want to block. Create separate rules for all the bots you want to stop. You may use the asterisk in every rule to block all the variations of that bot.

Block Bots With Rate Limiting

Blocking bots with Rate limiting is like the previous plugin (Limit Login Attempts Reloaded). It is the number of requests that a visitor can make within some specific time (in most cases, one minute). Wordfence offers two rate-limiting rules, which are as follows:

  • If anyone’s requests exceed
  • If a crawler’s page views exceed

Though usually, both are set to unlimited, you can specify a number for both. This plugin is only for those who have huge traffic, and their site often becomes slow. If you have low traffic, don’t go for it, as blocking a legitimate user is a risk.

Wordfence Brute Force Protection

Whenever someone places a login request on your site, it is first intercepted by the Wordfence bot protection. It observes several patterns of the login attempt to spot if it is a regular login by some user or a bad bot attack.

Wordfence is a bit lenient here. It allows for 20 failed attempts in four hours. After that, it blocks the IP address for the next four hours. The reason for this leniency is that legitimate users sometimes make errors while entering the password. Being too strict can block legitimate users from your site.

However, you can configure the settings, reduce the allowed failed attempts, or increase the block time. But we recommend doing so only if you are the sole administrator of your website.
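The trade-off described above can be replayed offline before changing the settings. This is an added example, not Wordfence's code: the `lockouts` helper, the addresses and the timestamps are constructed, and it assumes the block begins on the failure that reaches the limit. It applies the quoted figures (20 failures in four hours, four-hour block) and then a stricter limit of 3 to the same failed logins.

```python
from datetime import datetime, timedelta

FOUR_HOURS = timedelta(hours=4)

def lockouts(failures, max_failures=20, window=FOUR_HOURS, block=FOUR_HOURS):
    """Replay failed logins and return {ip: [(block_start, block_end), ...]}.

    failures: (timestamp, ip) pairs sorted by timestamp.
    Assumption: the block starts on the failure that reaches max_failures.
    """
    recent = {}   # ip -> failure times still inside the sliding window
    blocks = {}   # ip -> block intervals issued so far
    for ts, ip in failures:
        issued = blocks.get(ip)
        if issued and ts < issued[-1][1]:
            continue  # still blocked: the attempt never reaches the login form
        kept = [t for t in recent.get(ip, []) if ts - t < window]
        kept.append(ts)
        if len(kept) >= max_failures:
            blocks.setdefault(ip, []).append((ts, ts + block))
            kept = []  # counting restarts once the block expires
        recent[ip] = kept
    return blocks

def sample_failures():
    """Constructed data: one scripted burst and one user mistyping a password."""
    start = datetime(2024, 1, 15, 9, 0, 0)
    bot = [(start + timedelta(seconds=10 * i), "203.0.113.7") for i in range(25)]
    user = [(start + timedelta(minutes=5, seconds=40 * i), "198.51.100.20")
            for i in range(4)]
    return sorted(bot + user)

if __name__ == "__main__":
    for limit in (20, 3):
        print(f"max_failures={limit}:")
        result = lockouts(sample_failures(), max_failures=limit)
        for ip, spans in sorted(result.items()):
            for begin, end in spans:
                print(f"  {ip} blocked {begin:%H:%M:%S} -> {end:%H:%M:%S}")
```

With the limit at 20 only the scripted burst is blocked; at 3, the user who mistyped a password four times is locked out for four hours as well.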

5. Get Help From the .htaccess File

There is no end to the bad bots attacking your site. You block one, and the next day you have three more. So, it is better to stop a bad bot as soon as possible. The .htaccess file can also help you protect your site from bad bots.

Though the .htaccess file can block most of the bots coming to your website, it cannot recognize some bad bots. For such bots, you have to do some manual work. You have to identify the bot and create a blocking rule to block it.

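We have previously discussed the blocking rule in the Cloudflare Bot Fight Mode section. In the .htaccess file, you block a bot by the name it sends in its User-Agent header. The process is quite simple. Here is an example of it.

# Refuse every request whose User-Agent starts with "bad" (any letter case)
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^bad [NC]
RewriteRule ^ - [F]

Replace “bad” with the name of the bot you want to block, as it appears at the start of its User-Agent string. The rule answers matching requests with 403 Forbidden.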
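Before putting a pattern into .htaccess, it helps to run it against your access log and see which visitors it would refuse. The following is an added example, not part of the original article: the log lines, the bot name and the `dry_run` helper are constructed, and Python's `re` stands in for Apache's regex engine, which behaves the same for simple patterns like these.

```python
import re

# Combined Log Format: client IP first, User-Agent as the last quoted field.
LOG_RE = re.compile(r'^(\S+) .* "([^"]*)"$')

SAMPLE_LOG = [  # constructed lines using documentation-range addresses
    '203.0.113.7 - - [15/Jan/2024:09:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "badbot/1.0"',
    '203.0.113.8 - - [15/Jan/2024:09:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (compatible; BadBot/2.1; +http://bot.example/info)"',
    '192.0.2.10 - - [15/Jan/2024:09:00:05 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" '
    '"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '198.51.100.20 - - [15/Jan/2024:09:00:09 +0000] "GET /blog/ HTTP/1.1" 200 9001 '
    '"https://example.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/121.0"',
]

def dry_run(log_lines, pattern, nocase=False, keep=("googlebot", "bingbot")):
    """Return (blocked_ips, collateral_ips) for a RewriteCond-style pattern.

    The pattern is searched, not full-matched, as RewriteCond does, so only a
    leading ^ ties it to the start of the header. nocase=True corresponds to
    Apache's [NC] flag. keep lists crawler names that must stay reachable.
    """
    rx = re.compile(pattern, re.IGNORECASE if nocase else 0)
    blocked, collateral = [], []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not rx.search(m.group(2)):
            continue  # unparsable line, or the rule would let it through
        blocked.append(m.group(1))
        if any(name in m.group(2).lower() for name in keep):
            collateral.append(m.group(1))  # a wanted crawler would be refused
    return blocked, collateral

if __name__ == "__main__":
    for pattern, nocase in [("^bad", False), ("badbot", True), ("bot", True)]:
        blocked, collateral = dry_run(SAMPLE_LOG, pattern, nocase)
        print(f"{pattern!r} nocase={nocase}: blocks {blocked}, collateral {collateral}")
```

On the constructed log, `^bad` catches only the client whose header begins with the name, `badbot` with case-insensitive matching catches both variants, and the over-broad `bot` also refuses Googlebot.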

Conclusion: Block Bad Bots In WordPress

Well! That was all about how to block bad bots in WordPress so far. Running a website will become a headache if your bot traffic gets out of control. So, it is best to control it from when you start getting traffic on your site.

Though we discussed several methods above, I recommend Cloudways bot protection. As discussed in detail, it is the best method to protect your site from DoS and brute force attacks. So, go now and protect your site with the best method.

by Sakthi
Sakthi is a thoughtful guy who specializes in WordPress Setup & Design. He is interested in designing the functional & attractive WordPress themes for the Digital marketers & Bloggers and helping them attain their goals with a tailored site. Being an Elite author of, he is interested in sharing his knowledge through the helpful tutorials.

