May 9, 2018 by Paul G. | Ask Paulie Anything

Am I being attacked by bots?! [Ask Paulie Anything, Episode 6]

Shield Logo

Welcome to Episode 6 of Ask Paulie Anything.

Today, instead of answering a question directly sent to me for the purposes of this video, I’m going to answer a support ticket that was sent to us a few days ago. We’re going to discuss how you should be thinking about your traffic and “bots”.

The ticket is:

I recently noticed I’ve been getting a lot of bot hits to admin-ajax.php that returns a 200 code. Had over 40 hits to that from the same IP a few days ago in rapid succession.

Is there anything Shield can do about this?

I thought Shield would pick up on things like this and implement a block, but my logs show it’s been going on completely unchallenged.

[0:44] – Bot Hits, 200 Code… How To Fix A Problem Like This

There’s a couple of things we really need to address here, that make it difficult to fix a problem like this. There are a lot of assumptions built into this question.

Here’re some of the assumptions:

I recently noticed I’ve been getting a lot of bot hits.

“Bot hits”? That sounds like you already know that you’re getting hit by bots. Do we know that they’re bots? Instead of saying “bots”, you could just say “traffic”.

Traffic means that you at least have an open mind on what this could be. But, if you say “bot hits” then that’s the lens through which you’re trying to solve this problem.

… to admin-ajax.php that returns a 200 code…

The “200 code” is referring to HTTP code and if you get 200 code, that means that the request and the response were successful.

With admin-ajax.php a 200 code typically means that there’s a plugin, that there’s something on the WordPress site that has received that request, handled it and responded successfully. Otherwise, you wouldn’t get 200 code.

Had over 40 hits to that from the same IP a few days ago in rapid succession.

“40 hits” is nothing. We call them “hits” here because we think we’re getting hit by bots, but actually, 40 requests is not a lot.

… in rapid succession…

How rapid? How often do these come? Did they all happen within 60 sec, 1 sec, an hour, or, imagine you get 40 hits a day. What’s the problem with that?

If it was within an hour, that’s less than 1 in a min. Is that really a bot?

[2:21] – Is There Anything Shield Can Do About This?

No. It’s not Shield’s purpose to just block traffic. Shield’s purpose is to investigate a request and decide whether or not it’s legitimate. In this case, it was legitimate.

After a little bit back and forth with the client, we learned that those 40 hits occurred within 30 min and that’s just over 1 per minute.

If I was writing a bot for the purpose of automation, I would write it to be a little bit more efficient than that. So, it’s clear to me that this is not a bot.

[2:57] – Is This Actually A Security Issue?

I decided to go to the customer’s website and I found that when you right click on the page, it sends 2 ajax requests.

This points to me another core security issue, that people don’t understand what’s going on on their own sites.

If you don’t know that when you right click on the page that it’s going to send at least 1 ajax request, then you need to dig into your plugins a little bit further. You need to vet what exactly is going on on your site.

This is so that when you do get traffic in your logs you’re able to understand perhaps where that traffic is coming from, why it’s reaching your server, rather than “I get a lot of hits, it must be a security issue. Getting attacked by bots, why is Shield not protecting me?”

What Is Shield Doing?

Shield is doing its job but you should do your job too by vetting your plugins, your themes… making sure you know what every single plugin is doing on your site.

You also have to ask the question:

[3:55] – What Is The Purpose Of Bots?

Bots are there because they’re robots. They’re automated and designed to do the repetitive tasks quickly.

“40 requests in 30 min” is a repetitive task but it’s not very quick. So, what’s the point of writing a bot to do that? What is the purpose of the bot to mimic that “right click” to send you ajax requests that are legitimate? What purpose would that bot have?

So, my advice is:

Dig into your site, find out what’s going on, try to understand all aspects of your site, all the plugins that you’re using.

Then, as you do that, you’ll build a bigger picture of your site, how it supposes to operate, what’s normal and what’s not normal.

Thank You! Comments, Questions?

If you have any questions about this topic or anything uncovered in the previous videos, feel free to send me a question by using the form below.

Ask Your Own Question Here.

And as always, if you’re on YouTube, click the “Subscribe” button. If you’re on Facebook, click to “Like” or share. Do all of that lovely stuff. 🙂

ShieldPRO Testimonials
@zekadeo's Gravatar @zekadeo


Provides a lot of great features for free. No noticeable performance degradation. Key features are free. Paid license seems to just support creators and gives bonus features. 10/10

@b2bgoods's Gravatar @b2bgoods

Very Good Service, I Like it

Very Good Servive, Would be auto renew! and also you can cancel and refund. I have tried it .

@nippermh's Gravatar @nippermh

Great firewall!

Thank you so much for creating this fantastic plugin.

@sinou2014's Gravatar @sinou2014

Can’t live without it now

I’ve tried MANY products, but nothing quieted down the SPAM on our site in forms and forums like Shield! We gave it the 14-day free trial, and deactivated Akismet which didn’t really do the job. During the trial, we were still getting light SPAM come through, mainly in wpforo that…

Hey there beautiful! Do you like what you've read here? :)

If this cool feature is something you'd like, but you haven't gone PRO yet, click here to get started today. (no risk, with a 14-day satisfaction guarantee!)

You'll get all PRO features, including Malware Scanning, WP Config Protection, Plugin FileGuard, import/export, customer support, and so much more. Not only that, you'll get that warm, fuzzy feeling that comes from supporting our work and future development.

Make Me Pro →

Leave a Comment

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese