How to detect behaviours common to bots

Shield Security is focused on helping you detect characteristics and behavior commonly associated with illegitimate bots. To achieve this, we use bot detection rules, or "bot signals".

Signals are just behaviours that bots have which indicate that they could be a bot. With enough of these behaviours, we can detect whether a particular bot is legitimate (good bot) or not.

How to detect behaviors common to bots

Shield provides the following effective ways to achieve this:

  1. Detect and capture login bots
  2. Detect and capture probing bots
  3. Detect and capture bad bots with Mouse Trap
  4. Detect fake web crawler and empty user agents

The all settings can be found under the main navigation menu > Config > IP Blocking > Bot Behaviours.

You can decide how you want Shield to respond. You’ll have 4 options to choose from:

  • Activity Log Only. This option lets you see the activity of these bots on the Activity Log before applying any offenses or blocks to offenders. It’ll let you test-drive the signal before making it take effect.
  • Increment Offense (by 1). This option puts another black mark against an IP. As always with the offense system, once the limit is reached for an IP address, it is blocked from accessing the site.
  • Double Offense (by 2). We’ve added the ability to give weight to certain behaviours. By allowing the offense counter to increment by 2, the IP will reach the limit more quickly, and be blocked sooner.
  • Immediate block. If you decide that a particular signal on your site is severe enough, you can have Shield immediately mark that IP as blocked.

Read more about the offense limit here and the Automatic IP Blacklist System here.

Hint: You may also want to use Traffic Watch Viewer to review all logs of HTTP requests made to your WordPress site.

We also recommend you to read:

Note: ShieldPRO is required for the certain Detect Bot Behaviors options. To find out what the extra ShieldPRO features are and how to purchase, please follow this link here.