How To Restrict Bots From Accessing Your WordPress Site

A bot is an application that is automated and runs script over the internet. They can perform tasks faster and can do repetitive tasks at a much higher rate than human.

Bots can make your life easier and sometimes it can be a nuisance. Bots can use your resources, breach your security and create other problems. In WordPress, bots can be used to breach the security of databases, login portal, hosts, etc.

In this guide, you will learn how to restrict both from accessing your WordPress site by making some changes in the .htaccess file & by using some WordPress plugins.


  • A Domain name (e.g.,
  • cPanel access
  • Text editor
  • FTP application

Step 1:

First, we will learn how to restrict bot from accessing the site by .htaccess file. Open the .htaccess file located in the public_html directory. You can access the file using File manager of cPanel or through FTP application.

Step 2:

Click File manager from your cPanel. Go inside public_html directory where you will find the .htaccess

Step 3:

Now, we need to restrict bots by adding some codes to the .htaccess file. Different type of known are listed in this site. Add the following lines of code to your .htaccess file to restrict bots from your site

#Block Bad User Agents
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^SpiderMan[OR]
RewriteCond %{HTTP_USER_AGENT} ^voyager[OR]
RewriteCond %{HTTP_USER_AGENT} ^WaveFire
RewriteRule .* - [F,L]

In the above code, SpiderMan, voyager and Wavefire are the bots. These can be replaced by the bots you want to block. The last line of code requests the server to give a 403 error to the bots in the code.

Step 4:

You can also restrict the access if you know the ip address of the bot. You can list the ip addresses in the .htaccess file

#Restrict IP of bots
Deny from
Deny from

#Restrict IP range of bots
Deny from

You can add the IP address or the range of IP address of the bot that you want to block.

Step 5:

Also, you can install various plugins available in WordPress to restrict bots to access

Your wordpress site. Some of the know plugins are iThemes Security, All In one WP security & firewall, StopBadBots, etc.


By following the steps mentioned, you can make your site safe from malicious bots to access your site.


Check out these top 3 WordPress hosting services:

Was this article helpful?