I’d very much appreciate some explanation on very simple and plain language about why Bot Fight mode doesn’t let Google Analytics 4 in but many bad bots does?
I read many community discussion. Explanations from staff that bot fight mode is not for everyone, just switch it off, or buy enterprise plan - is not good enough. Keeping “under attack” is harmful enough for reference, traffic etc… including visitors, including all the good bots. Creating help ticket - worthless - in a month or so I might get some robotic “help” with links to the help pages. Help pages are totally not good enough, they don’t explain anything, they don’t give examples, commands or anything related to how to actually use it.
So I really hope that some great professional just stop by and help to solve this blasted issue.
We all use cloudflare for 2 things - CDN and WAF. And like many we have Pro.
More and more we are all become victims of bots attacks, they are millions of them trying to probing, inject etc… slow Ddoss… is a new and quiet effective way to block a site.
So it’s kind of important to have bot fight mode. And we switch it off… What’s left of use? a weak CDN? Not good enough.
Only with this one nothing is really working. We have a wordpress. So we had to get to all developers and ask for help.
Obviously IPs are added to WAF allow lists and configuration rules… more than 400 of them : total Google list, Bing, Msn, Yahoo, even Yandex and Duckduckgo.
That’s the first thing what comes to mind.
Of course verified bots is on.
We ended up with asking developers of essential plugins to add our servers and cloudflare IPs to their databases to get trough…
But none of this solves the issue: the problem is still the same. We usually have between 4k to 6k daily visitors. The moment we switch on bot fight mode - google analytics counts between 300-800… we stitch it off - everything goes back to normal. But I can’t spend sleepless nights and watch our company’s site, block bots IPs, block commands with wordfence etc…
and the worst. bit fight mode, verified bots only… but why I see in our live traffic bots from Singapore and Moscow trying to hack our site? I daily block 10 of them. How they can get trough?
any solution to this?
Please help. And please write something very simple… even better an example, so I can copy and past. thanks a lot everyone