🤖 Bot Detector
Intelligent bot detection with 143+ signatures, behavioral scoring, and Cloudflare-style management. Includes a built-in Robots.txt editor with templates for blocking AI crawlers and scrapers. See exactly who's crawling your site and take control.
What This Solves
Bad bots consume bandwidth, scrape content, test credentials, and inflate analytics. Most WordPress sites have no way to distinguish legitimate crawlers from scrapers, AI trainers, and vulnerability scanners. Bot Detector uses signature matching, behavioral scoring, and rDNS verification to identify and manage bot traffic.
Who This Plugin Is For
Sites Losing Bandwidth to Scrapers
Scrapers and AI training crawlers can consume more bandwidth than real visitors. Signature-based detection identifies and blocks them before they inflate your hosting bill.
WooCommerce Stores Targeted by Price Scrapers
Competitors use bots to monitor your pricing in real time. Bot Detector catches scraping tools by their behavioral patterns and shuts them down without affecting real shoppers.
Publishers Protecting Content
Your original content has value. Block the automated tools that copy your articles, steal your images, and republish your work without permission.
Key Features
143+ Bot Signatures
Comprehensive signature database covering scrapers, AI training crawlers, vulnerability scanners, SEO tools, headless browsers, and spam bots. Updated regularly.
Behavioral Scoring
Each visitor gets a 0-100 suspicion score calculated from request headers, rate patterns, 404 frequency, missing assets, and request sequencing.
rDNS Verification
Confirms that Googlebot, Bingbot, and other legitimate crawlers are genuine by performing reverse DNS lookups and forward verification against known netblocks.
Cloudflare-Style Controls
Inline action controls per bot signature: Block, Challenge, Allow, or Monitor. Manage every signature from a single table view with bulk actions.
JS Challenge
Lightweight JavaScript challenge page for suspicious traffic. Legitimate browsers solve it automatically in under a second; headless bots and simple scripts fail.
Good Bot Management
Separate controls for search engine crawlers, social media bots, uptime monitors, and feed readers. Allow good bots while blocking the rest.
How Bot Detection Works
The Bot Detector uses a layered approach: first matching the User-Agent against known signatures, then running behavioral analysis, and finally performing rDNS verification for bots that claim to be from known search engines.
Behavioral Scoring Signals
The scoring engine evaluates multiple signals to determine how suspicious a visitor is:
- Request rate — high request frequency without human-like gaps
- 404 patterns — repeated probing for common vulnerability paths
- Missing assets — real browsers load CSS, JS, and images; bots often don't
- Header analysis — missing or inconsistent Accept, Accept-Language, Accept-Encoding headers
- Request sequencing — jumping directly to deep URLs without visiting the homepage
- Cookie handling — inability to store and return cookies across requests
- TLS fingerprint — mismatches between claimed browser and actual TLS handshake characteristics
Signature Format
Each signature includes:
- Name — human-readable identifier (e.g., "AhrefsBot", "GPTBot")
- Pattern — regex matched against User-Agent string
- Category — scraper, AI crawler, vulnerability scanner, SEO tool, etc.
- Default action — the recommended action (block, challenge, allow, monitor)
- Description — what the bot does and who operates it
You can override the default action for any signature, and your custom actions persist across signature updates.
rDNS Verification
When a visitor claims to be Googlebot, Bingbot, or another known crawler, the Bot Detector performs a two-step verification process. First, it does a reverse DNS lookup on the visitor's IP address to get the hostname. Then it performs a forward DNS lookup on that hostname to confirm it resolves back to the same IP.
For Google, the hostname must end in .googlebot.com or .google.com. For Bing, it must end in .search.msn.com. Visitors that fail verification are flagged as impersonators and can be automatically blocked or challenged.
Screenshots
Dashboard — real-time bot detection statistics and traffic chart
Bot signatures list with inline Block/Challenge/Allow/Monitor controls
Bot signature filters by category and action type
Behavioral scoring settings and threshold configuration
rDNS verification and good bot allowance settings
IP allowlist management
VistoShield Server integration settings
Why Upgrade Bot Detector to Pro
Free blocks known bots with 143 signatures. Pro adds 500+ signatures updated daily — catching new scrapers, AI crawlers, and attack tools that basic signatures miss. Trend reports show how bot traffic changes over time, critical for content sites and WooCommerce stores losing revenue to price scrapers.
Free vs Pro
Free blocks bots with 143 signatures. Pro adds 500+ daily-updated signatures, longer analytics history, and trend reports for scraper-heavy sites.
| Feature | Free | Pro |
|---|---|---|
| Bot signatures | 143 | 500+ (daily updates) |
| Behavioral scoring | ✓ | ✓ |
| rDNS verification | ✓ | ✓ |
| Challenge pages | ✓ | ✓ |
| Bot analytics history | 7 days | Up to 10 years |
| PDF bot reports | ✗ | ✓ |
| Priority support | Community | 24h email |
| €0 forever | €79 /site/year | |
| Download Free | Get Pro Bundle |
All Pro features included in the Pro Bundle at €79/site/year. Managing client sites? See Agency Bundle →
Ready to Control Bot Traffic?
Install Bot Detector from the WordPress plugin directory and see exactly who's visiting your site.
Get Started Free See All Plans →