Protecting your WordPress website from bots is essential to maintain security, performance, and user experience. Bots can cause a range of issues, including spamming, brute force attacks, and scraping of content. Here are six effective methods to safeguard your site: Google reCAPTCHA, WordFence, Cloudways server-level bot firewalls, using a CDN with bot protection, regularly updating WordPress and its plugins, and advanced configurations using the .htaccess file.
Google reCAPTCHA
Google reCAPTCHA helps distinguish between human users and bots, preventing automated abuse of forms on your website.
Steps to Implement Google reCAPTCHA:
- Sign Up for Google reCAPTCHA:
  - Visit the Google reCAPTCHA website and sign up using your Google account
  - Register your website to get the reCAPTCHA API keys
- Configure Google reCAPTCHA:
  - If you are using Real Estate 7 theme default built-in forms, refer to this article
  - If you are using our IDX, refer to this article
  - If you are using Contact Form 7, refer to this article
  - If you are using Elementor Pro to build forms, refer to this article
WordFence
WordFence is a free comprehensive security plugin with a robust firewall and malware scanner to protect your website.
Steps to Implement WordFence:
- Install WordFence:
  - From your WordPress dashboard, go to Plugins > Add New
  - Search for “WordFence Security”
  - Install and activate the plugin
- Configure WordFence:
  - Upon activation, follow the setup wizard for initial configuration
  - Navigate to WordFence > Firewall
  - Enable the firewall and set it to “Extended Protection”
  - Configure rate-limiting rules to prevent bots from overloading your server
  - Go to WordFence > Tools > Live Traffic to monitor and block suspicious IP addresses
- Enable Login Security:
  - Navigate to WordFence > Login Security
  - Enable two-factor authentication and set up reCAPTCHA for login forms to prevent brute-force attacks
For detailed guidance on optimizing WordFence settings, refer to this article.
Cloudways Server-Level Bot Firewalls
Cloudways, our recommended hosting provider, provides automatic server-level protection against bots, adding another layer of security to your website without requiring manual configuration.
Steps to Benefit from Cloudways Bot Protection:
- Sign Up for Cloudways:
  - Visit Cloudways and sign up for an account. Use our referral code CONTEMPO20 for 20% off your first two months
- Deploy Your Server:
  - Choose DigitalOcean and set up your server on Cloudways
- Automatic Bot Protection:
  - Cloudways’ bot protection is automatically enabled, providing out-of-the-box protection against malicious bots and ensuring your site’s security
Use a CDN with Bot Protection
Content Delivery Networks (CDNs) like Cloudflare offer bot protection features that can help filter out malicious traffic before it reaches your server.
Steps to Use a CDN with Bot Protection:
- Sign Up for a CDN Service:
  - Visit the Cloudflare website and sign up for an account
  - Add your website to Cloudflare
- Configure DNS Settings:
  - Update your domain’s DNS settings to point to Cloudflare’s servers
- Enable Bot Protection:
  - Go to the Firewall settings in Cloudflare
  - Enable bot protection and configure the rules to suit your needs
Integrate Cloudflare with Cloudways:
We recommend using Cloudways as your hosting provider because they offer an easy integration with Cloudflare, enhancing both security and performance. Once you open an account, open a live chat with Cloudways support and they can assist in setting up Cloudflare for you, or refer to this guide for detailed steps.
By choosing Cloudways, you not only benefit from their robust hosting solutions but also their straightforward integration process with Cloudflare, ensuring your website remains secure and performant.
Regularly Update WordPress and Plugins
Keeping your WordPress core, Real Estate 7 theme, and plugins updated can prevent bots from exploiting known vulnerabilities.
Steps to Regularly Update:
- Enable Automatic Updates:
  - From your WordPress dashboard, go to Dashboard > Updates
  - Enable automatic updates for WordPress core, themes, and plugins
- Monitor for Updates:
  - Regularly check your WordPress dashboard for update notifications
  - Manually update any plugins or themes that require it
Advanced: Using the .htaccess File to Block IPs and Bots
For more advanced users, manually configuring the .htaccess file can provide an additional layer of security by blocking specific IPs and bots.
Steps to Block IPs and Bots Using .htaccess:
- Access Your .htaccess File:
  - Use an FTP client or the file manager in your hosting control panel to locate and open the .htaccess file in your website’s root directory
- Block Specific IP Addresses:
  - Add the following lines to your .htaccess file to block specific IPs:

    ```apache
    <IfModule mod_rewrite.c>
    RewriteEngine On
    # Block specific IPs
    # The address below is a placeholder: replace it with the IP to block,
    # keeping the backslash before each dot so it matches literally
    RewriteCond %{REMOTE_ADDR} ^123\.456\.789\.000$
    # F returns 403 Forbidden, L stops processing further rules
    RewriteRule ^ - [F,L]
    </IfModule>
    ```

- Block Bots by User-Agent:
  - Add the following lines to block bots by their user-agent strings:

    ```apache
    <IfModule mod_rewrite.c>
    RewriteEngine On
    # Block bad bots
    # NC makes the match case-insensitive; OR joins this condition with the next one
    RewriteCond %{HTTP_USER_AGENT} ^BadBot [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^EvilScraper [NC]
    # F returns 403 Forbidden, L stops processing further rules
    RewriteRule ^ - [F,L]
    </IfModule>
    ```

- Save and Test:
  - Save the changes to your .htaccess file and test your website to ensure it functions correctly and that the blocks are effective
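The IP block above only helps if you know which addresses to list. As an added example (not part of the original article), this Python sketch counts POST requests to WordPress login endpoints per client in an access log and renders the article's mod_rewrite block for the offenders. The combined log format, the `/xmlrpc.php` endpoint, the threshold of 3 and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

def _line(ip, method, path, ua):
    # Build one constructed "combined"-format access log line (not real traffic).
    return (f'{ip} - - [10/May/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'200 512 "-" "{ua}"')

SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", "POST", "/wp-login.php", "BadBot/1.0")] * 4
    + [_line("192.0.2.44", "POST", "/xmlrpc.php", "EvilScraper/2.1")] * 3
    + [_line("203.0.113.25", "POST", "/wp-login.php", "Mozilla/5.0"),
       _line("203.0.113.25", "GET", "/", "Mozilla/5.0")]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')
LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}  # assumed endpoints of interest

def noisy_clients(log_text, threshold=3):
    """Return {ip: count} for clients with >= threshold POSTs to login endpoints."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, path = m.groups()
        try:
            ipaddress.ip_address(ip)  # skip hostnames or malformed fields
        except ValueError:
            continue
        if method == "POST" and path.split("?")[0] in LOGIN_PATHS:
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

def htaccess_block(ips):
    """Render the article's mod_rewrite deny block for the given addresses."""
    ips = sorted(ips)
    if not ips:
        return ""  # a RewriteRule with no conditions would block every visitor
    out = ["<IfModule mod_rewrite.c>", "RewriteEngine On"]
    for i, ip in enumerate(ips):
        flag = " [OR]" if i < len(ips) - 1 else ""
        # re.escape turns each dot into \. so it matches literally
        out.append(f"RewriteCond %{{REMOTE_ADDR}} ^{re.escape(ip)}${flag}")
    out += ["RewriteRule ^ - [F,L]", "</IfModule>"]
    return "\n".join(out)

if __name__ == "__main__":
    print(htaccess_block(noisy_clients(SAMPLE_LOG)))
```

If the site sits behind Cloudflare or another proxy, `REMOTE_ADDR` and the logged address are the proxy's unless the server restores the client IP (for example with mod_remoteip), so confirm the log shows real visitor addresses before blocking anything.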