02 Dec

What is a bot? Why are they trying to break into my website? Should you be concerned? 

Bot, unsurprisingly, is short for robot. They aren’t real robots like Wall-e. Bots are small computer programs that are sent out, onto the internet, to do a job for someone. 


How many bots are there? 

According to the social media specialists Yoast bots make up 40% of the traffic on the internet in 2022. That means, if your Google Analytics shows 2,000 visits this month, only 1,200 of these were human beings.  

Why are there so many? 

Most of these bots are doing a job for someone. There are good bots. For example Google has bots (called spiders) that ‘crawl the web’ following links, reading web-pages and reporting back what’s changed.  And it’s not just Google. There are thousands of companies scanning the internet trying to find out information that they can use.

There are also bad bots. 


Unfortunately and perhaps unsurprisingly there are bad bots. They have been sent out onto the internet by a human with bad intentions. There are various reasons that include stealing, breaking-in, vandalising, disruption and (the most common reason) just to see if they can. 

This list from Yoast explains some of the most common types of bot:

Email scrapers: They harvest email addresses and send malicious emails to those contact.

Comment spam bots: Spams your website with comments and links that redirect people to a malicious website. Or in many cases, they spam your website to advertise or to try to get backlinks to their sites.

Scrapers bots: These bots come to your website and download everything they can find. That can include your text, images, HTML files, and even videos as well. Bot operators will then re-use your content without permission.

Bots for credential stuffing or brute force attacks: These bots will try to gain access to your website to steal sensitive information. They do that by trying to log in like a real user.

Botnet, zombie computers: They are networks of infected devices used to perform DDoS attacks. DDoS stands for distributed denial-of-service. During a DDoS attack, the attacker uses such a network of devices to flood a website with bot traffic. This overwhelms your web server with requests, resulting in a slow or unusable website.

Inventory and ticket bots: They go to websites to buy up tickets for entertainment events or to bulk purchase newly-released products. Brokers use them to resell tickets or products at a higher price to make profits.


How serious is this?

It’s a serious situation but not something our clients need to lose sleep over.  It’s very serious because around 27% of all visitors are malicious bots. If it were a house, 1 in 3 people walking past would try and break in. That feels like a pretty scary situation, which is why we take it very seriously. 

Whenever we launch a website we also install a security set-up design to deter & distract these bad bots. Here are a few of the common things you’ll see us do:

  • We use individual logins with strong passwords so we know who is coming in and out of the website and track every time they use their key
  • We actually hide the door. On WordPress websites the login/door is almost always in the same place, which means that bots know where to start looking. We move it to a secret location so most bots don’t know where to start trying. The only time we don’t do this is when there is a public login needed for customers.
  • We ban the bad bots. Every computer, even bots, have a unique number (called an IP Address). When we see a number try (and fail) to get in numerous times; it gets banned. On thousands of occasions this keeps out the bad bots. Every now and then it does mean a client who has forgotten their password also gets locked out. We think that’s a fair price to pay for keeping things safe. Just give us a call, let us know what’s happened to you and we’ll give you your keys back 🙂
  • We let you know if it’s happening a lot. If there have been a lot of break-in attempts, it normally triggers an automatic warning. This is nothing to worry about. The email is the systems way of saying “Hey, I’m keeping you safe”. 


In summary; it can be scary to think that there are thousands of robots trying to break into your website. But trying is the important word there. With the security features we aren’t getting in and so you can sleep easy knowing your website is safe.