When good bots go bad.

5 Minutes

You may have heard much about bots in the last few months when a billionaire started talking about buying a certain social media platform. Or, you may be fighting your own battle with the bots on your website with spamming your forms or attempting to hack your login information. It’s an annoying but not insurmountable problem to have. In this article, we’ll cover what a bot is, good bots vs. bad, and what you can do to block out the bad while making use of the good.

Despite Elon’s hesitance about buying Twitter because of the number of bots he thinks are on the site, there are some positives to bots on the web. They can be useful sometimes, especially when it comes to helping a website’s users on their journey.

Bad bots, on the other hand, include spam bots whose main program is to engage with users in order to scam them out of money or information. They can be found on social platforms such as Twitter or Instagram, persuading people to send cryptocurrency or digital currency to online wallets for prizes that don’t exist. 

Sometimes spam bots are used to attack politicians or celebrities by creating a hostile environment for them online. This has led to some people renouncing social media platforms altogether. In other instances, they can be used to attack and overwhelm websites, rendering them unusable. 

But first, let’s rewind.

What’s a bot?

A bot is a piece of software created by programmers to carry out automated operations online. Bots are capable of mimicking or even replacing the actions of actual users. They excel at performing monotonous, repetitive jobs. In addition, they’re quick and efficient, which makes them the ideal option if you need help to do large-scale tasks and don’t have the resources to hire more people. 

Good bots vs. evil bots.

There are all kinds of bots out in the digital world. They can work for or against users depending on what they’ve been programmed for. 

  • Social bots that measure user engagement
  • Monitoring bots that track a system’s health
  • Search index bots that crawl the web for search engines
  • Chatbots used for customer service chats
  • DDoS bots overwhelm a system with malicious traffic.
  • Spam bots that try to fool users into clicking malicious links
  • Email bots send out emails without a user’s knowledge or permission.
  • Web crawling bots that scrape personal information

Bots on board

When it comes to websites, there are helpful bots that can be used on both sides of the computer. A website’s ability to use bots to automate things creates a good user journey and a more seamless experience. They can also help with time savings and efficiency. On the other hand, bots can be used for malicious purposes. This can be dangerous for both you and your users.

  • Faster at repetitive and boring tasks than humans – time savings
  • Available 24/7
  • Customizable 
  • Improved and reliable user experience
  • Risk of misunderstanding users
  • Cannot perform some exact tasks
  • Still need to be managed by humans/need to step in if misinterpretation
  • Can be used for malicious purposes i.e. spam

Why are spam bots an issue? 

When used maliciously, bots can range from just being petty annoyances to dangerous. At the lighter end of the spectrum, they can fill up your inbox with automated junk messages through your website’s forms. Not really harmful but very annoying. 

At the more dangerous end of the spectrum, there are bots that can be harmful and destructive by doing things such as scraping your data, cracking passwords, or tracking keystrokes. 

Some spam bots are used by governments, corporations or other bad actors acting for a number of nefarious purposes. During the 2016 U.S. presidential elections, Russia used spam bot accounts to impersonate Americans to try to sow divisions among U.S. voters on social platforms. 

The bots are everywhere.

Not to scare you, but bots are in more places than you think. That chat you use to get info from a website? Many of the responses can be automated to deal with the volume of questions. Having automated bots is not always a bad thing, but it can be frustrating and annoying to have them doing things such as submitting forms on your site. You’re not alone. This happens on almost every site on the internet. 

Hard to combat

It’s almost impossible to fully eradicate bots from any site, but there are plenty of ways you can slow the flow of them coming your way so you can spend less time-fighting bots and more time doing maintenance and upgrades to help your business get off the ground or evolve into the next level of success.

The best defence is a good offence. 

The best way to combat bad bots on your website is to have ongoing support and maintenance. There are things you can do yourself, or you can employ a service, such as our WebOps services, to enjoy some peace of mind. 


The easiest way to deal with bots getting into your forms and site is something most of us are familiar with – a ReCaptcha. That little check box and/or picking the pictures of trains. 

A site plugin

Another step in keeping the bots at bay would be to employ a plugin such as Defender Pro, WordFence, or Jetpack, depending on the size of your website.

Access renaming

Renaming WordPress access gives you a lot of security and helps prevent your website from getting hacked. By doing so, you’ll be keeping bots out by preventing them from running autologin guesses. 


Finally, our WebOps service is also a great way to monitor and optimize your site to fight the bots. Let us take care of your site’s defences so you can focus on the good stuff.