New Feature: Playlist Center! Pick a topic and let our playlists guide the way.

Start learning with our library of video tutorials taught by experts. Get started

WordPress 3: Developing Secure Sites
Illustration by

Detecting and blocking bad bots


From:

WordPress 3: Developing Secure Sites

with Jeff Starr

Video: Detecting and blocking bad bots

In this screencast, we are going to protect our web site against bad bots. We've seen how to do this with a plug-in in the previous screencast, but there is a better, more efficient, way to protect your site directly, using the htaccess file. Here, in our FTP/file editor, we're looking at our site's web-accessible route htaccess file. To implement this method, grab a copy of the htaccess code that's included in the exercise files of this screencast. Copy everything and then return to your file editor and paste the code beneath any existing rules.

Watch this entire course now—plus get access to every course in the library. Each course includes high-quality videos taught by expert instructors.

Become a member
please wait ...
WordPress 3: Developing Secure Sites
2h 36m Intermediate Jun 27, 2011

Viewers: in countries Watching now:

This course explains how to secure self-hosted WordPress sites, including site configuration, code modification, and the use of free plug-ins. Beginning with the basics of site security, author Jeff Starr explains how to harden a WordPress site by configuring authentication keys, setting proper file permissions, and removing version numbers. The course shows how to implement a firewall, prevent automated spam, and control proxy access, and concludes with a series of advanced tips and site security best practices.

Topics include:
  • Backing up and restoring your site
  • Setting up strong passwords
  • Choosing trusted plugins and themes
  • Protecting the configuration file and the admin directory
  • Securing the login page
  • Fighting comment spam
  • Blocking access and detecting hacks
  • Finding and reporting vulnerabilities
Subjects:
Developer Web CMS Web Development
Software:
WordPress
Author:
Jeff Starr

Detecting and blocking bad bots

In this screencast, we are going to protect our web site against bad bots. We've seen how to do this with a plug-in in the previous screencast, but there is a better, more efficient, way to protect your site directly, using the htaccess file. Here, in our FTP/file editor, we're looking at our site's web-accessible route htaccess file. To implement this method, grab a copy of the htaccess code that's included in the exercise files of this screencast. Copy everything and then return to your file editor and paste the code beneath any existing rules.

This chunk of code is like a virtual control panel for blocking bad bots and user agents. First, we're blocking blank user agents. Then these lines here collectively block some of the worst known bad bots. Then this last section here is the part that actually does the blocking, based on what you have listed in these previous directives. And best of all, no upfront editing is required for this code to work.

Just save and upload the file to your server. To see it in action, let's return to the browser and visit this ridiculously handy user agent bot-simulation tool. First, let's just see it work by adding the URL of our web site and clicking the Go button. Here is our demo site that we're working with. So we copy the URL from the address bar and return to Bots versus Browsers and paste that URL here.

Then we click the Go button. As expected, our site is accessible when using the legit user agent, specified here. So now let's check that the code is working by spoofing a request from one of our blocked user agents, or blocked bots. Returning to our FTP editor. Let's grab a random user agent, skygrid, copy, and return to our Bots versus Browsers page. Paste it into the user agent field like so and then click Go with your site's URL still in the URL field. A 403: Forbidden means that the request has been blocked.

This is exactly the response we want to send to bad bots. It's is a simple response that's easy on the server. Using a plug-in would have required significantly more resources to deliver the same response, requiring WordPress, plug-in files, and the database just to block a bad bot. Using htaccess lets Apache just make the block directly at the server level, which is the optimal way of doing it. To add new bad bots to the list, return to your file editor, and we can either create a new line or just add the name to an existing line, like so.

Casing shouldn't matter, because of this directive here NoCase. So you can use any combination of upper- and lowercase letters and the result will be the same. Or we can instead just start a new line like so, sort of emulate the previous lines, and then put our new blocked bots on their own line.

And this is a good way to help keep things nice and organized, as you use this method to protect your site. That's all there is to it, so let's save and upload the file and return to our handy Bots versus Browser page to see it work. We type in the name of the user agent that we just added and click the Go button. That's it right there. Our request using this user agent has been blocked.

In this screencast, we've seen how to block bad bots and user agents from accessing our web site. Using htaccess instead of a plug-in, we're able to block bad bots directly, with greater efficiency and better site performance.

There are currently no FAQs about WordPress 3: Developing Secure Sites.

 
Share a link to this course

What are exercise files?

Exercise files are the same files the author uses in the course. Save time by downloading the author's files instead of setting up your own files, and learn by following along with the instructor.

Can I take this course without the exercise files?

Yes! If you decide you would like the exercise files later, you can upgrade to a premium account any time.

Become a member Download sample files See plans and pricing

Please wait... please wait ...
Upgrade to get access to exercise files.

Exercise files video

How to use exercise files.

Learn by watching, listening, and doing, Exercise files are the same files the author uses in the course, so you can download them and follow along Premium memberships include access to all exercise files in the library.
Upgrade now


Exercise files

Exercise files video

How to use exercise files.

For additional information on downloading and using exercise files, watch our instructional video or read the instructions in the FAQ.

This course includes free exercise files, so you can practice while you watch the course. To access all the exercise files in our library, become a Premium Member.

join now Upgrade now

Are you sure you want to mark all the videos in this course as unwatched?

This will not affect your course history, your reports, or your certificates of completion for this course.


Mark all as unwatched Cancel

Congratulations

You have completed WordPress 3: Developing Secure Sites.

Return to your organization's learning portal to continue training, or close this page.


OK
Become a member to add this course to a playlist

Join today and get unlimited access to the entire library of video courses—and create as many playlists as you like.

Get started

Already a member?

Become a member to like this course.

Join today and get unlimited access to the entire library of video courses.

Get started

Already a member?

Exercise files

Learn by watching, listening, and doing! Exercise files are the same files the author uses in the course, so you can download them and follow along. Exercise files are available with all Premium memberships. Learn more

Get started

Already a Premium member?

Exercise files video

How to use exercise files.

Ask a question

Thanks for contacting us.
You’ll hear from our Customer Service team within 24 hours.

Please enter the text shown below:

The classic layout automatically defaults to the latest Flash Player.

To choose a different player, hold the cursor over your name at the top right of any lynda.com page and choose Site preferencesfrom the dropdown menu.

Continue to classic layout Stay on new layout
Exercise files

Access exercise files from a button right under the course name.

Mark videos as unwatched

Remove icons showing you already watched videos if you want to start over.

Control your viewing experience

Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.

Interactive transcripts

Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.

Are you sure you want to delete this note?

No

Notes cannot be added for locked videos.

Thanks for signing up.

We’ll send you a confirmation email shortly.


Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

Keep up with news, tips, and latest courses with emails from lynda.com.

Sign up and receive emails about lynda.com and our online training library:

Here’s our privacy policy with more details about how we handle your information.

   
submit Lightbox submit clicked
Terms and conditions of use

We've updated our terms and conditions (now called terms of service).Go
Review and accept our updated terms of service.