How to Block Bots from Seeing your Website – Bad Bots and Drive-by Hacks Explained

You’ve been hacked?
Don’t take it personally. Most websites are hacked randomly and with total disregard to your person, position, or title. It’s just business…

Kevin Mitnick once said, “The hacker mindset doesn’t actually see what happens on the other side, to the victim.” Born true a decade ago and still does today.

Kill the Bot

Kill the Bot!

So why are you allowing your website to be “owned?”

Prevention is your best weapon, but most people seem oblivious to how easy it is to blend into the virtual masses and hide in the shadows online.

One method of blocking hackers involves blocking bots from even seeing your website. If a bot stumbles onto your website and is immediately repelled, you’ve just scored a big win security-wise. Don’t be a target, be a bot killer!


How to block bots from seeing your website

Blocking bots is crazy-simple to do. First you’ll need to know how to locate your .htaccess file is a file most often found in your public_html directory. It’s just a text file. Don’t be scared… :).

Most web hosts have a basic File Manager, where the list of your website’s files can be viewed, along with an “Edit” button to make and save changes.

With your trusty File Manager or FTP File Editor in hand, you are less than one minute from being done with this tedious task.

Below is the the bot blocking list I use. Feel free to edit it to your heart’s content:

Within this list you’ll see sections with headings like “Yandex.” If you are a Yandex fan then remove the required lines of text and you’ll be all set.

Likewise, if your site is being hammered by fake Bingbots, just replace any of the existing lesser known bots in the list with “bingbot.” For example, replace:*
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Bingbot [NC,OR]
*Just remember to remove this line in a week or so (once you feel the attack has run it’s course).

In summary:

  1. First, see the list using the above link.
  2. Copy it to your computer’s memory.
  3. Next open your .htaccess file via your editor.
  4. Paste this list at the very top of your .htaccess file.

Seriously, you are done.

Check your website to see if it’s loading properly and without error. If so, then you’ve just built the poor man’s bot firewall in all of one minute flat, and can sleep better at night knowing you are super smart, accomplished, and can say with pride, “I am so smart!




Article Name
How to Block Bad Bots from Seeing your Website - Bad Bots and Drive-by Hacks Explained
Jim Walker, The Hack Repair Guy and website security expert explains bad bots and drive by hacks in this easy to understand how to article. Jim is the author of the block bad bots blacklist used by thousands to secure their websites.


  1. says

    Hi, the WordPress Plugin iThemes Security (formerly Better WP security) is offering your bad bot list saying: “As a getting-started point you can include the excellent blacklist developed by Jim Walker of”

    What I was wondering is that are any drawbacks associated with blocking (bad) bots. I’d appreciate a detailed response/explanation.


    • says

      I have received virtually no complaints over the past two years. The bad bot list is really quite minimal, blocking only the most well known and most egregiously aggressive bots.

Please feel free to comment via WordPress, Twitter, Facebook or Google+