How to avoid bad bot traffic during Black Friday
Table of Contents
Last week, we helped you get your website ready for the Black Friday traffic spikes. Now that you’re all set to handle the upcoming traffic, do you know how much of it is real and how much – non-human? According to Statista, in 2022 more than 40% of Internet traffic is from bots, and a significant portion of that is bad bot traffic. This kind of bot traffic hurts your online business and can lead to both financial and conversion losses. Let’s dig deeper into what bot traffic is, why most of it is so harmful, and how to avoid it during the busiest time of the year.
What is bot traffic and why it should be cut down to a minimum
Bot traffic is any non-human traffic that comes to a website or app. Some of it is good, when it originates from SEO crawlers (such as Google crawl bot), commercial, site-monitoring, or feed bots. Needless to say, all of these cause no harm to your site. On the other hand, bad bots come with malicious intent. These can leave spam comments, irrelevant backlinks, weird advertisements, collect private information, reuse your content, perform DDoS attacks, and other malicious activities.
How bad bot traffic affects your website
Bad bot traffic may have different consequences on your website and business, causing multiple damages:
- Website security and availability damage
Bad bot traffic hurts your website security and availability. For instance, these massive amounts of traffic to your site are a way for hackers to cause a DDoS attack. During such an attack, the traffic is so massive that the server where your site is hosted cannot handle it. This can make your website slow, unreliable or even unavailable for your users.
Bad bots are also the main force of a brute-force attack – a way to guess your password/login details by trying numerous combinations of letters, numbers and symbols. If such an attack is successful, malicious hackers gain access to your account and/or private information.
- Website speed issues
Even if it doesn’t cause massive hacker attacks, bad bots activity can make your website much slower or even unavailable for your real visitors, affecting their overall user experience. To have your visitors stay longer on your site and turn them into clients, you’d want them to have an excellent user experience. A huge part of that is your website loading speed being as fast as possible.
- Analytics metrics and SEO rankings chaos
Bad bot traffic can also hurt your analytics metrics and SEO rankings. For example, too much bad bot traffic can bring your site down and cause 503 errors (“site is temporarily unavailable”). This directly negatively impacts your SEO rankings. What is more, bad bots can affect your analytics metrics, causing abnormally high pageviews and bounce rates, sudden drop/increase in session durations, and fake conversions. All these factors may confuse you as a site owner and you may not be able to make sense of your analytics data.
How we decrease bad bot traffic at SiteGround
At SiteGround we take multiple measures at different levels to reduce bad bot activity by default for the websites hosted on our servers, so you can have peace of mind.
Improved and advanced AI anti-bot system
Our AI anti-bot system has successfully been blocking millions of brute-force attempts per day. Recently, we improved it even further, resulting in 95% less bad traffic. Its core features are still there – analyzing and recognizing traffic patterns to eventually stop brute-force attempts. With each new brute-force attempt, the system’s knowledge expands and it gets better at preventing future attacks. As of recently, we’ve upgraded the system with a traffic validation feature that stops even more malicious non-human bots by minimizing the number of brute-force attacks. Currently, the system blocks a huge percentage of bad bots traffic towards our servers, allowing more capacity for your websites for legitimate traffic.
Combined with our enterprise-grade security system, these server-level security optimizations block the majority of all bad bot traffic and ensure website protection on a global scale. Let the numbers speak for themselves – 99,99% of bad traffic is blocked before it even reaches your website.
Smart, server-level WAF
Hacker attacks usually increase during the Black Friday season. A single outdated WordPress plugin, theme, or vulnerability can easily be used for massive damages during this busiest time of the year. That’s where our smart Web Application Firewall comes to the rescue. Our security experts closely monitor security bulletins and server activity 24/7, and in case of reported exploits, immediately add custom WAF rules (patches) into our server firewall to protect your site from current hacks and breaches due to outdated plugins, and other vulnerabilities. Our proactive security approach allows us to react much faster, often before the original plugin, theme or app developers have had the chance to release an official update. The most recent example of this was just last month, with two previous major ones not so far behind – a plugin vulnerability patched on day 0, and a Linux Kernel vulnerability patched within hours of detection.
To address potential DDoS attacks from bad bots, we have a system of hardware and software mechanisms to protect your sites:
- A hardware firewall that filters flooding traffic;
- A local software firewall with more complex functions and traffic monitoring;
- А limit to the number of connections a remote host can establish;
- A check for a high number of failed login attempts from hosts and filtering them, if any.
24/7 server monitoring system
Again, in addition to all monitoring and prevention systems and checks in place, our expert system administrators team are monitoring our servers 24/7 for any system issues and in case of any, can react quickly to save the day.
How to identify that you have bad bot traffic coming to your site
Now, you probably wonder what are some signs and symptoms of bad bot traffic that will help you identify whether your site is in danger. Here are some of the red flags and ways to prevent them:
- Check your site traffic stats
You also need to check your traffic statistics, especially the IP addresses and the sources of traffic. For example, regular and high number of visits from the same IP address or increase in traffic from other regions or countries, from which you didn’t have (much) traffic before, could be an indication of bad bot traffic. As a SiteGround customer, you can easily check your traffic statistics in Site Tools > Statistics > Traffic.
- Keep an eye for unusual users’ behavior
Remember to monitor your users’ behavior regularly. In case there are increased spam comments under your posts, strange user registrations, and/or increased blocked login attempts, these are all red flags that you might be getting bad bot traffic to your site. WordPress users, who have the free SiteGround Security plugin installed, can monitor their site and login page for unauthorized visits and brute-force attempts from their Activity Log menu. What is more, they can easily block suspicious IPs and visitors.
- Make regular speed tests
You probably already do that, but if you don’t, it’s a good idea to start making regular website speed tests. For this purpose, you can use a number of different tools to measure your site speed, such as Google PageSpeed Insights, Pingdom, GTMetrix, and others that generate results in all the major speed metrics.
In case you have the free SiteGround Optimizer plugin installed on your WordPress website, you can run a speed test within the plugin in its Speed test functionality. The check uses Google PageSpeed, provides information on the level of optimization in over 20 different areas, and gives you optimization suggestions.
If you identify that your site is experiencing page loading speed issues, dig deeper into the problem to find out the causes. These might not necessarily be bad bot traffic issues, but that’s one of the main potential reasons behind the slow speed results.