Bot Site visitors Is on the Rise, Put together Your Web site

For each human visiting your web site, there are 3 bots.

Shocked? We had been too.

However in response to our inner knowledge, we noticed a median of 71.5% bot site visitors since January 2025.

AI crawlers from ChatGPT (9.16%), Claude (6.09%), and different LLMs present up usually in our bot site visitors knowledge, whereas search engine bots like Googlebot signify simply 7.57% of site visitors.

We will’t simply block all of them as a result of most bots are vital. As an illustration, Googlebot helps your website present up in search, or ChatGPT bot cites your model as a supply in responses.

However should you’re seeing site visitors spikes or spam entries in your contact kinds, that’s when you’ll want to take motion.

Simply How Dangerous Has the Bot Site visitors Surge Turn into?

Here’s a breakdown of the bot site visitors we’re seeing throughout our buyer web sites on the DreamHost community:

The geographic patterns we noticed are fairly attention-grabbing, too.

Eire leads bot site visitors at 40.70% of every day visits, adopted by Singapore at 13.04%. This geographic focus is not only coincidence.

Eire hosts the European headquarters of just about each main US tech firm – Google, Apple, Microsoft, Amazon, and Fb – drawn by EU entry, low company taxes, and an English-speaking workforce.

In the meantime, Singapore is the Asia-Pacific knowledge middle hub, with AWS, Microsoft Azure, and Google Cloud working main amenities there to serve Asian markets with decrease latency. When AI crawlers and cloud companies scan web sites, they’re usually working from server farms concentrated in these two strategic areas.

Our findings are fairly coherent with Imperva’s Dangerous Bot Report 2025, the place 51% of all web site visitors now comes from automated sources, with 37% categorized as malicious bots.

The problem lies within the grey space.

Some AI coaching crawlers (like GPTBot) acquire your content material to coach language fashions with out offering direct site visitors advantages again to your website.

However whether or not these signify “good” or “unhealthy” bots is determined by how you’re feeling about AI corporations utilizing your content material for industrial functions.

Good Bots vs. Dangerous Bots: What’s the Distinction

Not all automated site visitors deserves blocking. You have to know which bots assist your corporation and which of them hurt it earlier than you’re taking any motion to handle bots in your web site.

Good Bots That Profit Your Website

• Search engine crawlers: For instance, Googlebot and Bingbot index your content material for search outcomes.
• Social media bots: Like FacebookExternalAgent generate hyperlink previews when customers share your content material.
• Monitoring companies: These test your website’s uptime and efficiency.
• AI search crawlers: Like ChatGPT-Consumer and Perplexity-Consumer that cite your content material when answering person queries.

Dangerous Bots That Drain Your Sources

• Content material scrapers: These steal your articles, product descriptions, and pictures.
• Kind spam bots: They flood contact kinds with junk submissions.
• Value monitoring bots: From opponents monitoring your pricing methods.
• Stock hoarding bots: These add merchandise to carts with out buying.
• Credential stuffing bots: They try to interrupt into person accounts.

The Hidden Prices Hitting Your Small Enterprise Website

Regardless of the kind of bot, automated site visitors impacts your web site in three important areas:

• Internet hosting bills
• Safety dangers
• Information accuracy

Every bot go to consumes server sources similar to a human customer, however with out any potential for conversions, engagement, or income.

1. Your Infrastructure Prices Preserve Climbing

Each bot request makes use of your bandwidth, processing energy, and storage.

When you have a content-heavy website or e-commerce platform, you’re prone to see this hit your pockets quick.

The Learn the Docs venture diminished site visitors by 75% after blocking AI crawlers and went from serving 800GB to 200GB every day, saving $1,500 per 30 days in bandwidth prices.

For those who’re on a shared internet hosting plan, you gained’t see direct prices.

Extreme bot site visitors, nonetheless, can set off your host to throttle website efficiency. Extra aggressive bot exercise can push you towards requiring a VPS or devoted internet hosting options sooner than you deliberate.

2. Safety and Spam Issues Get Worse

Malicious bots goal your contact kinds, login pages, and checkout processes.

They search for vulnerabilities, try credential stuffing assaults, and likewise flood kinds with junk submissions. Since most web sites have simply fundamental safety, they turn into a pretty goal.

In case your contact kinds or weblog feedback have spam entries, I’d recommend instantly putting in Askimet to see spam entries will go down. Bear in mind, although, Askimet doesn’t block bot site visitors.

You have to take steps to dam bots your self (extra on that in a bit).

3. Your Analytics Information Will get Contaminated

Bot site visitors messes up your web site analytics.

When bots go to pages, they don’t interact with content material, creating artificially excessive site visitors numbers with zero conversion charges.

This contamination makes it virtually unattainable so that you can measure actual person conduct, optimize conversion funnels, or make data-driven advertising and marketing choices.

And even when Google Analytics enables you to filter site visitors to slender down the evaluation, it’s tough to tell apart bot site visitors from common human guests.

The place To Search for Bot Site visitors on Your Website

There may be at present no foolproof technique to discover all bot site visitors since superior bots are just about indistinguishable from human guests.

However there are particular steps you may take to begin monitoring.

1. Begin With DreamHost Panel’s Site visitors Dashboard

For those who’re internet hosting with DreamHost, you’re already one step forward. The Site visitors tab in your DreamHost panel provides you a transparent view of site visitors exercise, together with bot conduct. You possibly can monitor spikes, detect anomalies, and observe what number of bots could also be impacting your website, all while not having a third-party software.

Our panel helps you:

• Distinguish between human and bot site visitors at a look
• View site visitors by IP, referrer, or person agent
• Spot patterns early so you may take motion quick

That is particularly useful for customers preferring built-in instruments over difficult dashboards. Bonus – No further configuration is required!

2. Dig in With Google Analytics

Have a look at your Google Analytics dashboard for these telltale indicators of heavy bot exercise:

• Site visitors spikes with corresponding bounce price will increase
• Excessive web page views with zero time on web page
• Uncommon geographic site visitors patterns (sudden site visitors from international locations the place you don’t function)
• Referrer spam from unfamiliar domains

Go to Experiences → Tech and use GA4’s tech filtering to slender all the way down to person know-how.

Right here, you can begin filtering by browser and working system, display screen resolutions, machine, app variations, and many others. What you’re on the lookout for are unusual browsers, unusual working techniques, and unusual display screen resolutions like:

• 1024 x 768
• 1366 x 768
• 1600 x 864
• 800 x 600
• 1600 x 1200
• 1024 x 667
• Not Specified

This is able to minimize some actual guests out of your monitoring, however you’ll additionally see many fewer bot entries within the analytics knowledge.

Be aware: Superior bots can use regular resolutions and the newest machine variations to disguise their exercise. These are extraordinarily tough to filter out for evaluation until you start to display screen guests earlier than they’ll view your web site.

3. Examine Your Server Logs

When you have entry to your internet hosting management panel, take a look at your server entry logs for patterns that point out automated site visitors:

• Speedy-fire requests from single IP addresses.
• Requests to non-existent pages (usually bots probing for vulnerabilities).
• Consumer brokers figuring out as identified crawlers (each good and unhealthy).
• Requests with no referrer info.

Many internet hosting suppliers, together with DreamHost, provide log evaluation instruments of their management panels. Search for uncommon spikes in bandwidth utilization that don’t correspond with advertising and marketing campaigns or content material updates.

After getting a listing of IP addresses that appear to be repeat offenders, you can begin blocking the IP addresses both out of your internet server, like NGINX or Apache, or from a CDN.

4. Use Third-Occasion Monitoring Instruments

Generally, you may solely establish a lot site visitors. Which is why there are free, third-party instruments like Cloudflare Analytics (should you use their service) which offer bot site visitors breakdowns.

There are additionally different complete apps like:

• Wordfence: For WordPress websites; identifies malicious bot makes an attempt
• Sucuri: Gives web site firewall companies with bot detection
• MonsterInsights: Offers enhanced Google Analytics reporting with bot filtering

Managing and Blocking Dangerous Bots With out Hurting the Good Ones

I like to recommend going sluggish on blocking bot site visitors since you might by accident block actual customers as effectively. And also you additionally want a balanced strategy that blocks dangerous automated site visitors whereas preserving useful crawlers.

Right here’s how I’d implement bot administration with out by accident blocking serps or respectable companies.

Set Up Your robots.txt File

Your robots.txt file serves as the primary line of protection in opposition to undesirable crawlers.

Create or replace the file in your web site’s root listing with particular directions for various bot varieties:

# Block AI coaching crawlers
Consumer-agent: GPTBot
Disallow: /

Consumer-agent: anthropic-ai
Disallow: /

Consumer-agent: Google-Prolonged
Disallow: /

# Enable serps
Consumer-agent: Googlebot
Enable: /

Consumer-agent: Bingbot
Enable: /

# Enable AI search bots that cite sources
Consumer-agent: ChatGPT-Consumer
Enable: /

Consumer-agent: PerplexityBot
Enable: /

For those who don’t have direct entry to the robots.txt file and use WordPress, you might attempt utilizing the WP Robots Txt plugin that permits you to edit the file out of your WordPress dashboard.

Needless to say robots.txt operates on an honor system. Nicely-behaved crawlers respect these directives, however malicious bots usually ignore the file completely.

Implement a Web site Firewall

For extra aggressive web site safety, implement a Net Utility Firewall (WAF) that may block bots on the server degree.

You even have a pair extra choices as a small enterprise proprietor managing low-volume web sites.

Cloudflare Free Plan:

• Offers fundamental bot preventing capabilities
• Blocks apparent malicious site visitors mechanically
• Gives customizable firewall guidelines for particular threats

Wordfence (WordPress Customers):

• Contains bot detection and blocking options
• Actual-time risk intelligence updates
• Customizable price limiting to forestall rapid-fire requests

Server-Degree Fee Limiting

Many internet hosting suppliers provide rate-limiting options that mechanically decelerate or block IP addresses making too many requests in brief timeframes. You possibly can configure these price limiters to dam IP addresses that browse too many pages in a really brief span of time.

As an illustration, a traditional human would require a few seconds to go searching on a web page earlier than clicking on totally different hyperlinks. A bot would take milliseconds to do the identical.

Plugin Options for WordPress Websites

For those who’re operating WordPress, you might have further choices for bot administration:

• Akismet: Routinely filters remark and kind spam with 99.99% accuracy utilizing superior AI filtering. Important for any WordPress website accepting person submissions.
• WP Cerber Safety: Offers complete bot safety, together with login try limiting, IP blocking, and superior bot detection algorithms.
• All-In-One Safety (AIOS): Gives firewall options and bot blocking capabilities appropriate for small enterprise web sites.

Your Full Bot Safety Implementation Path

I’ve cut up this implementation plan so it matches inside tight schedules and helps you go from zero safety to a working bot protection inside a short while.

20 Minutes: Fast Wins

• Replace robots.txt file
• Allow fundamental safety ​​plugins 
• Examine Google Analytics for bot patterns

Begin along with your robots.txt file as a result of it’s the simplest first step. Log into your web site’s file supervisor (or use FTP) and create or replace the robots.txt file in your root listing. Copy the robots.txt configuration from earlier on this article and paste it in.

For those who’re operating WordPress, set up and activate the Wordfence safety plugin proper now. The free model contains fundamental bot safety and can begin blocking apparent malicious site visitors instantly.

Open Google Analytics to test your site visitors sources for uncommon patterns. Search for international locations you don’t serve, sudden site visitors spikes, or excessive bounce charges with zero session length.

24 Hours: Layer Your Protection

• Arrange a free Cloudflare account
• Configure price limiting
• Add CAPTCHA to kinds
• Allow remark moderation

Join a free Cloudflare account and add your web site. Cloudflare sits between your website and guests, mechanically blocking apparent bot site visitors earlier than it hits your server. Setup takes about half-hour and contains altering DNS settings, however Cloudflare walks you thru every step.

Set price limiting by means of your host to mechanically decelerate or block IP addresses making too many requests. Configure limits that enable regular shopping (just a few seconds per web page) however cease aggressive crawlers (a number of pages per second).

Add CAPTCHA to susceptible kinds utilizing the reCAPTCHA plugin for WordPress or Cloudflare Turnstile. Add invisible CAPTCHA to contact kinds, remark sections, and person registration pages to cease automated submissions with out annoying actual customers.

One Week: Monitor and Optimize

• Analyze server logs
• Effective-tune firewall guidelines
• Arrange monitoring alerts 
• Block downside IP ranges

Analyze your server entry logs to establish bot patterns particular to your website. Search for rapid-fire requests from single IP addresses, requests to non-existent pages, and suspicious person agent strings. Most internet hosting management panels embrace log evaluation instruments that make this simpler.

Use this knowledge to create customized firewall guidelines in Cloudflare or your safety plugin. For instance, should you discover bots from particular international locations persistently inflicting issues, you may block whole geographic areas. Or if sure person brokers maintain hitting your website aggressively, block these particular strings.

Arrange monitoring alerts so you understand when bot site visitors spikes occur. Instruments like UptimeRobot or Pingdom can warn you to uncommon site visitors patterns, sluggish loading occasions, or server useful resource spikes which may point out a bot assault.

One Month: Superior Safety

• Implement behavioral evaluation
• Deploy API price limiting
• Arrange CDN caching
• Create bot honeypots

Add behavioral evaluation instruments like DataDome or Imperva that detect bots by analyzing mouse actions, typing patterns, and web page interplay timing. These catch refined bots that mimic human conduct.

Use a CDN to cache static sources aggressively. This fashion, bot site visitors hits the cache, not your host, lowering the load from repeated requests.

Certainly one of my favourite methods is creating bot honeypots. For those who see a variety of kind spam, add an additional hidden discipline to the shape. Since bots take a look at the web page HTML whereas filling kinds, they are going to see this hidden discipline and add some knowledge to it. You possibly can safely delete all kind entries which have any textual content within the hidden discipline as a result of a human customer can’t see it.

The Way forward for Bot Site visitors Administration

Bot site visitors isn’t going away. With 71.5% of visits to our community coming from automated sources, robots now outnumber people 3 to 1 on the web.

However whereas most web site homeowners are nonetheless determining what’s taking place, you might have all the things you’ll want to flip this bot chaos round for your corporation and even profit from the great bots.

So go forth and start implementing bot administration techniques whereas your competitors continues to be panicking in regards to the faux site visitors!