200k visitors/bots? How do I stop it? Does it cause problems?

You can installed a plugin like WordFence which will give you live stats and other security tools. It could be you have a bot trying a brute force attack on your admin login.

Do you have Google analytics installed that might be useful.

Hey! Thanks for the fast reply. Yeah I don’t know if that will change the speed of my site, I don’t want to cause more delay by installing more plugins.

I have Google Analytics installed and it only shows like 20 visitors per day.

Sounds like you are getting hit hard by some sort of bot.

WordFence is good even if you uninstall it after a period of time. Check out it’s live traffic feature.

Hey! Really appreciate your help.

I installed WordFence and here is what I think.

I checked the live traffic, and a lot of the traffic is from weird countries (Ukraine, Replublic Of Moldava)

So until yesterday I had this forum installed on a subdomain, and that forum got spammed real hard. So today I deleted the forum (and I wanted to reinstall it later).

However all the traffic is still going towards my forum (even though I deleted the whole forum subdomain – meaning that the bots now visit an empty 404 NOT FOUND page).

How can I stop the traffic?

Oh and none of the traffic is Human. They are all Crawlers and Google Crawlers.

[ No bumping please. ]

Please don’t bump: https://codex.www.ads-software.com/Forum_Welcome#No_Bumping

The traffic can’t directly cause any harm, so if your hosting provider isn’t complaining about higher than usual server load, just leave it as-is and allow it to die down on its own (the bots will eventually realize their target no longer exists and stop).

If your hosting provider is complaining about high server load from your account, then yes start blocking them either via IP, referrer (if possible), or user agent: https://codex.www.ads-software.com/Combating_Comment_Spam/Denying_Access

For specifics on working with Wordfence, I recommend asking at https://www.ads-software.com/support/plugin/wordfence so the plugin’s developers and support community can help you with this.

Dear nathanvj,
This traffic is annoying, and ruins your Google analytics analysis. If it really is a hacking attack, it can slow your users access times.

The default settings on Wordfence need a bit of tweaking IMHO. Within the paid version, you can block IP addresses from particular countries, eg. Moldova, Russia, China.

You can also block traffic from IP addresses that appear to be trying to hack your site. I block the IP address of any traffic trying to hack the site for 30 days, not the 5 minutes, which I think is the default.

It might be referral spam, it is worthwhile checking out Google analytics to see if these visits are referrals. You can block domains generating referral spam in the .htaccess file. There is also a plugin for Google analytics that filters known referral spam.

Good luck

Did you check the failed login attempts panel in wordfence?

If you are getting a lot of failed logins then i’d suggest you move your login url (good practise anyway) using the likes of:
https://www.ads-software.com/plugins/wps-hide-login/

Also if you don’t use it give disabling xmlrpc.php in .htaccess

<Files "xmlrpc.php">
Order Allow,Deny
deny from all
</Files>

Thanks for the help everyone.

I did the things you recommended but every morning I wake up and still see 700+ bad bot/crawlers in my statistics. It’s horrible. Even got 40 failed login attempts.

Change my login page using latro666’s recommended plugin and xmlrpc.php denying. Hope that works for the login problem.

What I noticed is that almost EVERY bad crawler wants to visit my FORUM that I deleted… Why do they keep doing that?

In the robots.txt file I even set to block ALL crawlers. I won’t be using SEO anyway (only social media traffic). But that doesn’t work either.

Also using the Wordfence plugin I blocked like 20 NETWORKS, with a total of about half a million IP-adresses… Nothing works!!!!!!

Please someone save me from this horrible mess. My website is slow and I’m getting tired of it.

Thanks for all the support guys, I really appreciate it.

What I noticed is that almost EVERY bad crawler wants to visit my FORUM that I deleted… Why do they keep doing that?

Because they’re bots, they generally aren’t smart. Eventually, some human operator will look at their logs, notice all the 404 Not Found entries, and stop targeting it.

In the robots.txt file I even set to block ALL crawlers. I won’t be using SEO anyway (only social media traffic). But that doesn’t work either.

Bots *should* respect robots.txt, but bots can be programmed to ignore it. There are laws against stealing cars, yet people still steal cars.

Also using the Wordfence plugin I blocked like 20 NETWORKS, with a total of about half a million IP-adresses… Nothing works!!!!!!

I recommend asking at https://www.ads-software.com/support/plugin/wordfence so the plugin’s developers and support community can help you with this.

Have you considered trying CloudFlare? The free plan provides a bit of bad bot protection by default. If the bad bots are focusing on a specific page you can set a page rule to “Security Level: I’m under attack” and/or “Browser Integrity Check: On” to block bad bots at the DNS layer, before they hit your server or site.

@james Huff thank you for the information. ??

@acstudent Thanks for that recommendation, I configurated CloudFlare and turned on Security Level: I’m under attack.

In my live traffic on Wordfence there are no bots anymore! Very happy with that!

I guess i’ll just leave it on for a few days and then turn it off because visitors usually don’t like to wait 5 seconds for a page to load.

But I really appreciate the help, now I can finally work on my website without continuously being slowed down by stupid bots.

You’re welcome!