Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection



Stop Bad Bots, SPAM bots, Crawlers and spiders without DNS Cloud or API (EndPoint) Traffic Redirection and without slow down your site. No google penalties. Multilanguage ready. Included also Dutch, French, Germany, Italian and Portuguese language files.
Italian: Blocca bot dannosi, bot SPAM, crawler e spider senza DNS Cloud o reindirizzamento del traffico API (EndPoint) e senza rallentare il tuo sito. Nessuna sanzione su Google. Tradotto in italiano.
Português: Bloqueia Bots, SPAM bots, Crawlers e spiders sem DNS Cloud ou API (EndPoint) redirecionamento de tráfego e sem deixar seu site lento. Sem penalidades do Google. Traduzido em Português.

Bad bots consume bandwidth, put SPAM in your comments and contact form, slow down and overload your server and can hack your server, steal your content and look for vulnerability to compromise your server.

Stop Bad Bots is completely self-contained and does not need to connect to any outside API or service. No DNS, API or Cloud Traffic Redirection. No Slow Down Your Site!

No .htaccess neither robots.txt required.

When a bad bot try to open any your WordPress page we show a 403 Forbidden page. Then, in your statistics like webalizer or visitor metrics, for example, you can see status 403 (forbidden) and 0 bytes. For more details, visit our online guide and FAQ page.

You don’t need create robots.txt neither touch your .htaccess file.

  • Not using WordPress? Check out the free standalone PHP version of StopBadBots (also Docker)
  • Your Bad Bots Table is updated with periodic free online automatic updates
  • Premium Option with Firewall protection.
  • Premium Option with weekly automatic table updates from our server instead 3x year in free version.
  • Included also Bad Bots IP Table. The plugin can block also the bat bots by IP using fake or blank User Agent.
  • Included also Bad Bots Referer/Referral spam Table. More than 8.400 bad bots included
  • Included also Visits Log with Whitelist Button
  • Anti Hacker: Protect also Against Hacker Attacks (with free Anti Hacker Plugin extension)
  • Anti Spam: Protect also Comments Form from bad bots
  • Anti Spam: Protect also Contact Form 7 and WP Form Plugins from bad bots
  • Protect Login Form Against Bots and Brute force Attacks
  • Stop Data Thieves From Stealing You
  • list of bad bots
  • More than 4800 Bots, 8400 bad referer/referral and 3300 bad IPs Included!
  • You Can Add more …
  • **No DNS or Cloud Traffic Redirection. No Slow Down Your Site! No Google penalties for slow sites.**
  • Block User Enumeration
  • Block PingBack Request
  • Limit Bot Visits (Rate Limiting) (Premium)
  • Whitelist Table (Premium)
  • Block HTTP tools table (Premium)
  • **The Plugin doesn’t block main Google, Yahoo and Bing (Microsoft) bots.**
  • Easy to manage the list. You can add more bots, IPs and referrer or deactivate any bot
  • Save bandwidth.
  • Optionally receive an email alert
  • Block False Google/Microsoft (Fake Google Bot) Bots (Premium Version)
  • Block ahrefs
  • Block semrush
  • Spider blocker

Demo Video
Premium Version Available
Online Documentation
StartUp Guide
FAQ Page
Plugin Site
Compatible With Anti Hacker Plugin
Share 🙂

reCAPTCHA V3 for all pages of your site

If you want protect ALL pages of yoursite with invisible reCAPTCHA, try this new free plugin:
reCAPTCHA For All free plugin
Block spammers, hackers, crawlers, spiders and malicious traffic.

Block visitors from China, Cuba and North Korea

If you are getting a lot of spam and malicious traffic from China, Cuba and North Korea, with our plugin
you can block them without worry about install (and mantain) huge databases of IP address.
Just let our plugin take care that (Premium).

Ban spammers, crawlers, spiders, hackers and bad behavior

This plugin let you ban users by IP, user agent and referrer url.

Anti Hacker Protection

If you want protect ALL pages of yoursite against hackers and their bots, try this free plugin:
Anti Hacker free plugin

  • Prevent unauthorized access to your account by protect your login page also against bots and brute force.
  • Firewall to Block Malicious Requests, Queries, User Agents and URLS. 100% Plug-n-play, no configuration required.
  • View Table of the Blocked Visits and add IP to Whitelist from table and logs failed login attempts.
  • Option to disable Json WordPress Rest API (also new WordPress 4.7 Rest API) or disable WordPress Rest API (disable WordPress API)
  • You can also disable the WordPress xml-rpc (xmlrpc) (or disable only Pingback) API with just one click.
  • You can turn on login alerts with just one click. Also login fails alert.
  • Send alert email when any new plugin is installed. (First thing hackers do when gain access to your site)
  • Send email alert when AntiHacker plugin in deactivated.
  • WordPress Debug enabled warning.
  • Disable file editing within the WordPress dashboard.
  • Replace insecure login error message.
  • Hide WordPress version number.
  • Disable Application Passwords: Block external applications to request permission to connect to a site and generate a password (WordPress 5.6 new feature)
  • Limit Visits, Limit Bots Attempts (Premium Version)
  • limit only 404 requests (Premium Version)
  • Check Google Safe Browsing Blacklist
  • Check and alert for deactivated Plugins and themes
  • Check and alert for extra files and dangerous files on root folder.
  • Multilingual ready.
  • Disable WordPress native sitemap (for user’s) creation.
  • Disable xml-rpc
  • Disable Pingback

    Malware Scanner

  • Security Malware scanner (one click scan) for 797 malwares also in free version (unlimited files).
  • 7 speed options to scan and the scan run on your local computer to not overload your server.
  • Scans every folder and inspects every file on a website (deep scanner) for traces of malware, exploits, trojans, worms, viruses, backdoors as well as JavaScript code obfuscation, exploits, malicious iframes, malicious code injection, malicious code obfuscation, auto-generated malicious content, redirects, hidden eval code and more.
  • Scan all Pages, Posts and Comments against malwares.
  • Alert for plugins and themes without updates for long time or with old versions.
  • Scan your site now before Google blacklists it or your web host takes it down.


  • User enumeration. (is one of the most popular attacks to identify the valid user names)
  • Comments in media page.
  • Bad Queries.* Block All Feeds (Optional).
  • Creation of new Administrators from plugins and themes with vulnerabilities.
  • Fake Google and Bing (MSN) bots (Premium Version)
  • Search for Theme’s vulnerabilities (Premium Version)
  • Search for Plugin’s vulnerabilities (Premium Version)
  • Tor (The Onion Router) Traffic – Optional – (Premium Version) Tor anonymity provides value to online attackers.
  • HTTP Tools (you can manage the strings)
  • Blank User Agent
  • Spider (Spider Block)

Analytics Spam Referrals

This plugin is not about Analytics Spam referrals.
For more details about that, please, visit our FAQ page:
and look for Analytics SPAM referral

Note: If you use the plugin WPFastestCache, looks like they use a bot named “test”.
In this case, you need deactivate this bot in our table. (Dashboard => Stop Bad Bots => Bad Bots Table)
After activate, check the bot’s table frequently, especially in the first days.

Check also the Block Visits Log. You will find one Whitelist button there.

Confirm if you want block all that bots.

Maybe you want unblock Baidu, Yandex, Seznam or another search engine in your language or some social sites, if they are usefull for you.
If you use RSS FEED service, probably they have their bot to read your feeds.Remember to deactivate their bot.
Same thing if you create some smartphone APP.StopBadBots it is a powerfull tool. Then, like all powerfull tools it is necessary to use with care and attention.

Free plugins from the same author:

External service

If the settings of Stop Bad Bots is “not conservative”, we can test some visitors Ip
from the RIPE database. We send only the IP number of your visitor.
This is a free service. Ripe is a not-for-profit membership association.

RIPE NCC Privacy Statement:

Additional Tags

trap bots
traps bots
forbids bots
deny bots
protect your site
block scrapers
block scanners
anti spam for wordpress
wp anti spam
best free anti spam plugin for wordpress
best anti spam plugin wordpress
anti spam contact form wordpress
anti spam for wordpress
free anti spam plugin for wordpress
free anti spam wordpress
anti spam plugin wordpress
plugin anti spam wordpress
anti spam wordpress
anti spam wordpress plugin free
anti spam wordpress contact form 7
anti spam wordpress free
wordpress anti spam
wordpress anti spam plugin free
better anti spam bot
anti spam bots
anti spam download free
anti spam elementor form
anti spam filter
anti spam gratis
anti spam form
anti spam solution
anti spam software free
software anti spam

Stop == Changelog.txt

The changelog.txt contains changelog entries, so we can keep the size of the standard WordPress readme.txt file reasonable.


  • Dashboard
  • Dashboard
  • Setting2 Page
  • Default Bot Table


1) Install via
2) Activate the plugin through the ‘Plugins’ menu in WordPress
Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation and then activate the Plugin from Plugins page.


How to Install?
1) Install via
2) Activate the plugin through the ‘Plugins’ menu in WordPress
Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation and then activate the Plugin from Plugins page.

Where is the Startup Guide?

Where is the OnLine Manual?

Where is the Faq page?

How can i get support?

Where is the demo video?
Demo Video


3-р сар 11, 2023 1 reply
very annoying and annoying recurring messages (a least every month) to adjust your level ….what is the purpose of this? It almost looks like bullying behaviour.
12-р сар 25, 2022
I can't say whether this plugin actually works. After leaving it activated for a couple of days, I found it had blocked one IP address. I don't know what to make of that.The reason I uninstalled this plugin was because the author urged me to go "Pro," buy the more complete version.I fully understand that software developers want to get paid just as anyone else does. I'm willing to pay for certain programs, apps, and plugins. What I found unacceptable, though, was the insistence.There are many features you can activate or leave inactive, which you can access via a dashboard. Many of these features are only available with the Pro version. This fact isn't always apparent as you're working through the options. I would have preferred to know right off which features require "Pro." I often had to try to activate them before I could find out.This may sound trivial, but it felt a bit sketchy. Kind of "bait and switch." I don't like being teased in this way, so I removed the plugin.I believe this plugin could have great potential; but I don't care for the way it tried to push the "Pro" level. I uninstalled it.
10-р сар 31, 2022
It blocks the troll bots that have become more than a nuisance. This is what I wanted and what I received. The definition of a good transaction.
10-р сар 17, 2022 1 reply
I bought the premium version of the plugin in April 2022. Its a terrible plugin although support is responsive but not helpful. In May 2022, I noticed that my website(s) have started to have loading issues and blocking legitimate traffic including mine. Bill Minozzi from support listed plugin conflict as one of the reasons, pointing to Jetpack and Sucuri. Basically he is saying Jetpack and Sucuri should fix the conflict (if any) with StopBadBots? So I reduced the protection of StopBadBots and the issue went to minimum although its still blocking legitimate traffic. On 12-Oct, an automated email from Wordpress says that one of my site has crashed. Below is a partial error detail: "Howdy! Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site, and notifies you with this automated email. In this case, WordPress caught an error with one of your plugins, StopBadBots.` An error of type E_ERROR was caused in line 2931 of the file /home/xxx/wp-content/plugins/stopbadbots/functions/functions.php. Error message: Uncaught TypeError: count(): Argument #1 ($value) must be of type Countable|array, null given in /home/xxx/wp-content/plugins/stopbadbots/functions/functions.php:293" I believe the error was then fixed with a plugin update 2 days later but I stopped using the plugin since it crashed the site. This is a real user experience.
9-р сар 5, 2022
All WP sites should use this in order to block unwanted bots. You might need to be a little tech savvy in order to fine tune it and stop it from blocking some webshop payment plugins, Ahrefs, Manage WP etc but it's easy when you know what to do. I'm using it on about 50 sites. Excellent support!
Read all 98 reviews

Contributors & Developers

“Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection” is open source software. The following people have contributed to this plugin.


“Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection” has been translated into 1 locale. Thank you to the translators for their contributions.

Translate “Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.