WordPress: How To Prevent Bad Bots In 2022

Good bots, such as Google Bots, Bing Bots, Facebook Bots, and so on, collect data from your website in order to help it rank higher in search engines.

In contrast to good bots, there are bad bots whose sole purpose is to use the host’s resources. Some not good bots are AhrefsBot, SEMrushBot, MJ12Bot (Majestic), DotBot (MOZ), and others created by SEO tools. If you do not use these SEO tools, it is preferable to permanently ban them.

In this article, Wplegible will show you how to simply ban bad bots from accessing your WordPress website.

Why You Need To Block Bad Bots?

  • They provide no benefit to your website unless you employ third-party SEO tools. 
  • They use host resources (RAM, CPU, bandwidth, etc.) and can cause the website to load slowly, if not completely. 
  • Some bad bots pose a security risk to the website. They are frequently used in attack tactics such as SQL injections and cross-site scripting (XSS). 
  • Competitors may utilize bots to evaluate SEO data from your website.

Block Bad Bots With Defender Security Plugin

First you need to install and activate the Defender Security plugin.

Next, go to Defender and click the Activate & Configure button to let the plugin help you set up some initial options. If you have installed the Defender Security plugin before, skip this step.

Wait a moment and click the Finish button to finish.

Go to Defender -> Firewall -> User Agent Banning -> If you see this feature is not enabled, click the Activate button to enable it.

After activating, you can switch the Empty Headers item to the on state. The rest of the entries should be left as default.

blocking bad bots

Some bad bots that you should block include:

  • MJ12Bot
  • AhrefsBot
  • SEMrushBot
  • DotBot
  • MauiBot
  • AspiegelBot
  • PetalBot
  • SiteAuditBot
  • SplitSignalBot

Copy and paste them into the Blocklist box in the User Agents section. Click the Save Changes button to save it.

You can see the list of blocked bots in Defender -> Firewall -> Logs. Click the Ban User Agent button to block them permanently. Soon, their names will be updated to the BlockList.

In order for the Defender plugin not to save too much log, causing the database to be heavy, you can customize the settings in Defender -> Firewall -> Settings.

In there:

  • Log Storage: You may specify the number of days to save the log based on your demands; the lower the number, the larger the database.
  • Erase logs: allows you to manually delete logs.

To save it, click the Save Changes button.


You can prevent harmful bots from accessing your WordPress website with only a few simple actions. You may also read our articles on why your website might be hacked and the ultimate security guide to secure your website.


I am a business owner who enjoys learning about website-related topics. I want to share good and new things with everyone and take part in activities that I haven't done before.

Leave a Reply

Your email address will not be published. Required fields are marked *