How to Protect Your WordPress Website From Bad Malicious Hacker Bots

If you want to protect your WordPress website from bad bots and hacker’s malicious url requests then this article is for your. These can be a big nuisance for your website. You can block it by using plugin or using your .htaccess file. In this tutorial we will see one by one.

Block Bad Malicious Hacker Bots using plugin:

BBQ Block Bad Queries is a free wordpress security plugin from Jeff Starr. Using this you can protect your wordpress website against malicious URL requests by bad hackers, bots and scrapers. This plugin acts as a firewall between your user and your website and scans all incoming traffic to your website and blocks malicious bad requests. Some important features are blocks malicious requests, directory traversal attacks, executable file uploads and SQL injection attacks. It scans all type of requests like GET, POST, PUT, DELETE. It comes with zero configuration option. So no need worry about the settings. Just install and forget about it.

It is also available as a paid pro version with some extra features like customizable firewall option, email alerts, xml-rpc protection, IP blocking and IP whitelisting, user ID phishing protection, Statistics and without ads.

How to install BBQ Block Bad Queries wordpress plugin on your wordpress website:

Login to your wordpress admin dashboard. (wp-admin).
In your wordpress admin dashboard click plugins and select Add New.
Type BBQ in the search field and press the enter key.
Click the Install Now button in BBQ Block Bad Queries.
After the successfully Installation click the activate Plugin link to activate the BBQ Block Bad Queries wordpress plugin.

Also Read:  How to Limit Failed Login Attempt Attacks in WordPress

That’s it . You don’t need to do anything . Its comes with zero configuration.
You can download and install manually from below download link.

Download BBQ Block Bad Queries

Block Bad Malicious Hacker Bots using .htaccess file:

If you are using apache, then create a .htaccess file in the root of your domain (that is /public_html/.htaccess) and add the below example code format in that file and save it. You can use any one of the sample code with real bots to block it from your website.

Download complete list of known bots in Text file:

Sample format 1:

#Block Bad Bot User Agents
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(Bot1|Bot2|Bot3).*$ [NC]
RewriteRule .* - [F,L]

In this example you need to replace Bot1 and Bot2 with the real bad bots user agents.

Sample format 2:

#Block Bad Bot User Agents
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^Bot1[OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot2
RewriteRule .* - [F,L]

Sample format 3:

#Block Bad Bot User Agents
SetEnvIfNoCase ^User-Agent$ .*(Bot1|Bot2|Bot3) bad_bot
SetEnvIfNoCase ^User-Agent$ .*(Bot4|Bot5|Bot6) bad_bot

# Apache < 2.4
<IfModule !mod_authz_core.c>
<Limit GET POST>
Order allow,deny
Allow from all
Deny from env=bad_bot
# Apache >= 2.4
<IfModule mod_authz_core.c>
<Limit GET POST>
Require all granted
Require not env bad_bot
If you liked this article, please subscribe to our YouTube Channel. You can also stay connected with us on X (Twitter) and Facebook.

Leave a Reply