How To Stop Automated Bot Traffic On My WordPress Website?

My website is getting bot traffic from Warsaw, Poland, as I can see in my google analytics, on a daily basis. The Average duration time is 0 seconds, and this has harmed my blog in terms of traffic.

To solve the issue I used Cloudflare’s nameservers, turned on the bot fight mode, created a rule in cloudflare’s WAF to block a few URLs (as in the Google Analytics it’s showing that the traffic coming from Poland is a referral traffic from this website: and it redirects to another url and then another).

But after doing all these, I am still getting the bot traffic from Poland and from the same referral site.

How can I stop such bot traffic from coming on to my website? I also tried WP plugin “WordFence” but am still getting the automated bot traffic.

I also tried checking the visitors in my hostgator cpanel so that I can block the particular IP address, but after checking all the IP address, I didn’t find any IP address from Poland, all from India. So I couldn’t block any of them thinking may be that could be an actual visitor.

So now, is there any way to stop the bot traffic on my wordpress blog?

Please help me someone.

NOTE: I started using cloudflare’s nameservers just 2 days back, before that I was using my hostgator’s nameservers.

Please check the main thread on this: I want to stop invalid referral traffic to my site coming from malicious subdomain


I use an plugin called IP2 country blocker and exclude all countries except USA, Canada and UK.
The lowest level database is free and reftreshes every month. Dbs paid are extensive with features.
I was getting tons of china and Russia traffic before.

In the topic @user7897 linked, there is a detailed reply that suggests no real connection is ever attempted, which means it cannot be blocked. The reply does include some other suggestions to help mitigate the effects of the referral spam. You can jump directly to that post here: