Archives

Block bad bots via .htaccess

You see a lot of traffic to your site from bad bots? If you have a WordPress site, maybe the first reaction is to search for a WordPress plugin that will block such visits. But instead of using a free/paid WordPress plugin, you can also modify the .htaccess file from the the root of your site. The location of the file is most of the time /home/username/public_html/.htaccess.

You can applies these rules to any website.

Just edit the file and add these lines:

#Rules to block bad bods from accessing web pages on your site. 
#Remove or add more rules as per your needs.
BrowserMatchNoCase "Baiduspider" bots
BrowserMatchNoCase "SemrushBot" bots
BrowserMatchNoCase "Yandex" bots
BrowserMatchNoCase "BLEXBot" bots
BrowserMatchNoCase "AhrefsBot" bots
BrowserMatchNoCase "DotBot" bots
BrowserMatchNoCase "Exabot" bots
BrowserMatchNoCase "SeznamBot" bots
BrowserMatchNoCase "aiHitBot" bots
BrowserMatchNoCase "spbot" bots
BrowserMatchNoCase "MJ12bot" bots
BrowserMatchNoCase "oBot" bots
BrowserMatchNoCase "DeuSu" bots
BrowserMatchNoCase "ia_archiver" bots
BrowserMatchNoCase "MetaURI" bots
BrowserMatchNoCase "FlipboardProxy" bots

Order Allow,Deny
Allow from ALL
Deny from env=bots

These bots will get now a 403 HTTP Error when trying to access your pages.

Double-check the bots you want to block! Not all bots are bad.

Using the .hatccess file, you can also block bad IPs. If you know malicious IPs, add them like:

#Deny malicious bots/visitors by IP addresses.
deny from 118.244.181.33
deny from 82.102.230.83

How you can edit the file?
1. Connect to your account via a FTP client like FileZilla FTP Client and edit the file.
2. Use the cPanel File Manager. Login to your cPanel account and go to File Manager

To buy a web hosting plan check our dedicated page forĀ Web Apps Hosting.

Share this post:

WordPress 4.7.3 Security Release

WordPress just released version 4.7.3. This is security update and you should update your blog(s) as soon as possible.

Security issues that were fixed in version 4.7.3:

– Cross-site scripting (XSS) via media file metadata.
– Control characters can trick redirect URL validation.
– Unintended files can be deleted by administrators using the plugin deletion functionality.
– Cross-site scripting (XSS) via video URL in YouTube embeds.
– Cross-site scripting (XSS) via taxonomy term names.
– Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources.

Also, WordPress version 4.7.3 contains 39 maintenance fixes.

If you need any help updating your WordPress installation please submit a ticket and we’ll be happy to help.
Share this post:
Page 2 of 2
1 2