How to Block Bad Bots with htaccess for WordPress

Last updated on December 06th, 2014 by Robert Abela. Filed under WordPress Security Hacks

Bots, short for robots, are computer programs that browse (surf) websites all over the internet and automatically perform specific tasks.  Like almost everything else on the internet, there are good bots and bad bots. In this article we will explain what bots are and how to block bad bots with .htaccess files.

Good bots are used by search engines such as Google and Yahoo to crawl your website, learn about it and use such information so your website can rank in the search engine results. Bad bots are typically used to harvest email addresses from websites, which later are used by spammers. Bad bots are also used to find security vulnerabilities in websites. When vulnerabilities are found by these bad bots, they are later exploited by hackers.

New to htaccess? Check the Definitive Guide to htaccess and WordPress!

Why you need to protect WordPress from bad bots?

The main three reasons why you would need to protect your WordPress from bad bots are spam, bandwidth, which costs money and WordPress security.

Htaccess file to block bad bots

You can block a single bad bot from accessing your WordPress by using an htaccess file. By using the htaccess file in example below, we are going to block a bad bot with the user-agent string evilbot.

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^evil
RewriteRule ^(.*)$ http://no.access/

The above htaccess sample is checking the user-agent of the bad bot, and if it matches evil it will be redirected to a non-existing website If you would like to block multiple bad bots from accessing your WordPress, use the [OR] operand in the htaccess file and add a line for each bad bot you want to block, as shown in the below example.

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^evilbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^spambot [OR]
RewriteCond %{HTTP_USER_AGENT} ^virusbot
RewriteRule ^(.*)$ http://no.access/

WP White Security Webmaster Tip: Bad bots are like pests; it is impossible to get rid of them. You can have the most extensive list of bad bots but new ones will appear every day. I wrote this article so you can effectively block bad bots which are badly affecting your WordPress website and not to block all the bad bots on the internet.

WordPress Hosting, Firewall and Backup

WP White Security is hosted on A2 Hosting, protected with BBQ:Block Bad Queries Firewall and backed up with BlogVault online WordPress backup service

Leave a Reply

Your email address will not be published. Required fields are marked *