Bot Actions: How To Detect Behaviours Common To Bots

Shield Security is focused on helping you detect characteristics and behavior commonly associated with illegitimate bots. To achieve this, we use bot detection rules, or "bot signals".

Signals are just behaviours that bots have which indicate that they could be a bot. With enough of these behaviours, we can detect whether a particular bot is legitimate (good bot) or not.

Shield's Bot Actions component provides the following effective options to achieve this:

1. Detect and capture login bots
2. Detect and capture probing bots
3. Detect and capture bad bots with Mouse Trap
4. Detect fake web crawler and empty user agents

To access these options, you may go to Shield Security > Security Zones > Bots & IPs zone. When you click Configure (gear icon) next to the Bot Actions component, a configuration sidebar window will open up for you.

Access to Bot Actions options

You can decide how you want Shield to respond. You’ll have 4 options to choose from:

• Activity Log Only. This option lets you see the activity of these bots on the Activity Log before applying any offenses or blocks to offenders. It’ll let you test-drive the signal before making it take effect.
• Increment Offense (by 1). This option puts another black mark against an IP. As always with the offense system, once the limit is reached for an IP address, it is blocked from accessing the site.
• Double Offense (by 2). We’ve added the ability to give weight to certain behaviours. By allowing the offense counter to increment by 2, the IP will reach the limit more quickly, and be blocked sooner.
• Immediate block. If you decide that a particular signal on your site is severe enough, you can have Shield immediately mark that IP as blocked.

Read more about the offense limit here and the Automatic IP Blacklist System here.

Hint: You may also want to use HTTP Request Log to review all logs of HTTP requests made to your WordPress site.

We also recommend you to read:

• Am I Being Attacked By Bots?!