Save 25% on Wizard’s SQL for WP w/ code: WIZARDSQL
Web Dev + WordPress + Security

Redirect Stupid Bots to Existing Resources

In case you hadn’t noticed, I’m on another one of my posting sprees. Going through the past year’s worth of half-written drafts and collected code snippets, and sharing anything that might be useful or interesting. Here is a bit of .htaccess that brings together several redirection techniques into a singular plug-&-play code snippet.

Help stupid bots reach their destination

Most websites are swarming with bot activity. Good bots find useful resources and are on their way. Stupid bots are too stupid to follow links and instead make requests for resources that don’t even exist. As in 404 “Not Found” errors draining server resources 24/7. For common, easily found URLs. For example:

  • Bots requesting login.php on a WordPress site
  • Bots requesting favicons.png and similar files
  • Bots requesting robots.txt in weird locations
  • Bots requesting xmlrpc.php in weird locations

Observing the crawl behavior of such bots, it’s clear they’re not actually looking for the login page, site favicon, robots.txt, and so forth. Instead they’re looking for irregularities and inconsistencies, in order to exploit for nefarious purposes. Or maybe they actually are trying to find the site’s robots file, but are just too stupid (read: badly programmed) to find it.

Fortunately, such suspect behavior is easy to remedy with a touch of .htaccess. To give you an idea, here is a code snippet that helps misguided bots reach their apparently intended destinations.

<IfModule mod_rewrite.c>
	RewriteCond %{REQUEST_URI} !/wp/wp-login.php [NC]
	RewriteCond %{REQUEST_URI} (wp\-login|login)\.php [NC]
	RewriteRule .* [R=301,L]
	RewriteCond %{REQUEST_URI} !^/favicon.ico$ [NC]
	RewriteCond %{REQUEST_URI} !/images/favicons.png$ [NC]
	RewriteCond %{REQUEST_URI} /favicon(s)?\.?(png|gif|ico|jpg)?$ [NC]
	RewriteRule .* [R=301,L]
	RewriteCond %{REQUEST_URI} /robots\.txt$ [NC]
	RewriteCond %{REQUEST_URI} !^/robots\.txt$ [NC]
	RewriteRule .* [R=301,L]
	RewriteCond %{REQUEST_URI} !/wp/xmlrpc.php$ [NC]
	RewriteCond %{REQUEST_URI} xmlrpc.php$ [NC]
	RewriteRule .* [R=301,L]

This code snippet may be added to your site’s public/root .htaccess file (or add via server config). Remember to replace each instance of with your actual site URL. Or you can simply remove to just use relative URLs, like /robots.txt and /wp/xmlrpc.php for example.

Once in place, the above code will redirect requests for non-existent resources to the actual file. Note that some of these rules are intended for WordPress sites, so remove the LOGIN and XMLRPC for sites not running WordPress.

Regardless of the site, the main goal of the above code sample is to give you an idea of how to better manage traffic. With a few well-crafted Apache/.htaccess rules, you can help wayward bots find what they’re looking for, which in turn improves traffic quality and helps minimize exposure to any irregularities.

Related Posts

I’ve written tons of articles related to this topic. To read more, you can browse the archives and/or visit some of these choice posts:

Jeff Starr
About the Author
Jeff Starr = Web Developer. Book Author. Secretly Important.
The Tao of WordPress: Master the art of WordPress.

Leave a reply

Name and email required. Email kept private. Basic markup allowed. Please wrap any small/single-line code snippets with <code> tags. Wrap any long/multi-line snippets with <pre><code> tags. For more info, check out the Comment Policy and Privacy Policy.

Subscribe to comments on this post

Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
The Tao of WordPress: Master the art of WordPress.
DIY: Monitor File Changes via Cron working perfectly for over a decade.
Mastodon social is a trip. Glad I found it.
As a strict rule, I never use cache plugins on any of my sites. They cause more problems than they solve, imho. Just not worth it.
Currently on a posting spree :)
6 must come before 7.
My top three favorite-to-write coding languages: CSS, PHP, JavaScript.
If you’re not 100% sure that you can trust something, you can’t.
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.