How To Stop Spam Bots From Attacking Your WordPress Blog

Spammers are just ruining you!

I started a new blog and within 15 days I saw a spike in traffic. I was very happy, hurray! people are checking my blog. My Google analytics was showing me more than 500 visits, 95 new users and total numbers of users were more than 100 within 15 days.

I looked deeply into Google analytics and found that some strangers are referring traffic to my blog. Even I never heard about them. I researched them and also started a discussion on Inbound.org. After receiving responses from community members I found that people were not checking me but spammers were checking me. My happiness became my pain. Now I wanted to get rid of this nonsense. I was looking for a solution to stop spam bots from attacking my blog and ruining my analytics reports.

Let me introduce you with SPAMMERS?

Spammers are bots which are coming to your blog/site to crawl it, to get your data, to get referral traffic, to ruin your analytics data. Most of the time you see that some of the emails coming from unknown sources that you have got the lottery or you won prizes or some of the emails to get jobs in TOP MNCs and send you a long form to fill. They just do fraud with you, they misuse your data. In other words, they try every methods to ruin you. Nothing else. Still curious to know more about spamming read a dedicated page of Wikipedia on spamming.

Ok, just be around the blog/site’s spammers. I saw that many of the referral spammers are SEO agencies which I am getting on my blog. I can see that some spammers are trying to log in on my blog with matched user names with my domain name. One more disadvantage of an unwanted bot is, it consumes your resources and bandwidth.

How to stop spam bots from attacking your blog?

After researching a lot I am able to make a list of some easiest ways to stop spam bots. Let me explain you each way one by one.

1- Stop spams by .htaccess file:

.htaccess is a very powerful file located in your root directory. In other words, I can say that it operates your site. It has some rules for your server that how a server should behave. .htaccess has vast functioning. Know more about the .htaccess file at Apache.org.

Set rules in your .htaccess file to block particular IP/IPs and domain name.

Blocking by IP address:

#block spammers IP addresses
order allow,deny
deny from {IP address like 10.10.0.01}
deny from {2nd IP address, use one per line if you have multiple}
allow from all
# END spammers IP

Blocking by domain name:

#block spammers domain
order allow,deny
deny from {Block domain name like sapammers.com/crawler.html}
allow from all
# END spammers domain

You can also merge both rules together. Use only a particular IP address and a domain or use multiple IPs and domains, one per line.

# Referrer Block

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(.*)spamreferrer1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(.*)spamreferrer2\.org [NC,OR]
RewriteRule (.*) – [F,L]
</IfModule>

To set some other rules to block spammer bots read a complete topic on LinuxReviews.org.

2- Using reCAPTCHA:

Using reCAPTCHA is a very good way to protect from bad bots to log in on your blog or to stop spam bots to do any repeated things like filling any form (contact us form), using the search box on a site. People can use reCAPTCHA to verify human and bots. Bots can’t (easily can’t) read or solve a puzzle to make a false claim that they are humans, not bots.

3- Disallow by Robots.txt file:

You can disallow bots to crawl you by your robots.txt file. But here you need to be very careful because it can disallow your complete blog to all known bots like Google bot or Bing bot. You can lose your traffic if you have not set instructions carefully.

Warning: Robots.txt file only conveys your instructions to bots. It does not force bots to follow instructions. Spammers 100% will skip your instructions. It is useful only when you got a bot and you felt that that was a spammer but that was not actually, in this case, the bot can follow your instructions. Or if you don’t want to give full access to your site to any particular or all bots, it will be useful. Robotstxt.org also agrees with this warning alert. 

Still want to use this so follow below instructions.

Block specific parts of your site:

User-agent: example
Disallow: /private/
Disallow: /messages/

Set things to be disallowed according to you.

Block complete site:

User-agent: example
Disallow: /

If  you are using WordPress:

WordPress users have lots of options to protect their blog from spammers. People can easily stop spam bots by using a plugin. These security plugins work automatically, you don’t need to anything manually.

1- WordFence security plugin:

WordFence security plugin is one of the topped security plugin available for WordPress. It comes in free and premium versions. The free version gives you enough functionalities to protect your blog if you don’t want to use premium in beginning. It blocks all spammers from IPs, countries, malicious login attacks etc.

It scans your site time to time and also gives you real time IP blocking feature. I am using it for a long time.

stop spam bots ip blocking

2- All In One WP Security & Firewall:

All in one WP security & firewall plugin is another best and free plugin to protect your site. It gives you great functionalities and shows the current security level of your blog. It has an integrated whois lookup to check that who is coming to your site. The best thing is it is completely free.

3- Jetpack by WordPress.com:

Jetpack is multi purpose plugin designed by Automattic. It gives free security protection to your blog. I mainly use it for site stats but also enabled security.

malicious attacks

4- Akismet:

Akismet is specially designed for comments spam and automatically contact us form submission. It scans all of the comments and stops the publishing of malicious contents on your blog. It is developed by WordPress.com.

Wrapping it up:

The Internet is full of spammers. As technology grows, spammers also being more intelligent. They are making different types of bad bots to crawl and steal website data. I found above are the best ways to stop spam bots, after doing a lot of research and asking advises from others. You can use above methods or you know anything else too.

If you found that something missed please let me know.

Leave a Reply

%d bloggers like this: