Kinsta Launches Bot Protection for WordPress Sites, Included Free on All Plans

Kinsta, a leading managed hosting provider for WordPress, launched Bot Protection, a new feature built directly into the MyKinsta dashboard that puts site owners in control of who and what gets through to their site, including the surge of AI crawlers hitting WordPress infrastructure. The feature is included for all customers on all plans at no additional cost.

“Most bot management advice boils down to ‘block everything’ or ‘leave it alone’. Neither works at scale,” said Daniel Pataki, CTO at Kinsta.

Bot traffic has exploded and now accounts for more than half of all web traffic, with AI crawler activity growing 300% in the last year. For WordPress site owners, the problem is acute: the dynamic endpoints like cart pages and filtered product listings cannot be cached, meaning every bot request consumes server resources, according to Kinsta’s recent report. Bot Protection addresses this with environment-level control over automated and AI-driven traffic, configurable directly in MyKinsta without a support ticket or third-party tool.

Marketing Technology News: MarTech Interview with Theresa Pham, Head of Product @ Wayvia

Kinsta’s own infrastructure data found bots hitting add-to-cart URLs 7.67 million times in a single 24-hour period, and one crawler triggered 550 million requests in 30 days. This results in analytics that don’t reflect reality, making it impossible to trust the data behind spending and growth decisions.

“Most bot management advice boils down to ‘block everything’ or ‘leave it alone’. Neither works at scale,” said Daniel Pataki, CTO at Kinsta. “Block too aggressively and you hurt your search visibility. Do nothing, and bots are consuming server resources on endpoints that will never convert. We built Bot Protection so site owners can make that call themselves at the environment level, without needing an engineer to do it. We handle the safe traffic automatically, so your plugins and automations keep working no matter what protection level you’re running.”

Bot Protection gives site owners direct, self-serve control from within MyKinsta:

• Four preset protection levels configurable per environment: Block Malicious Traffic, Block Automations, Challenge Bots, Challenge Everyone
• A managed allow list automatically covers common WordPress paths, WooCommerce routes, and trusted traffic, with custom exceptions available by IP, user agent or request path
• Block AI Crawlers toggle for sites that want to opt out of AI indexing entirely
• CAPTCHA challenges powered by Cloudflare bot scores, with verified search engine bots like Google always allowed through
• Emergency lockdown: Challenge Everyone keeps a site live for human visitors during an active attack
• Bot traffic analytics: A dedicated dashboard tab breaks down traffic by type — verified bots, AI crawlers, automated traffic and likely humans — so you can see what’s hitting your site and what’s being blocked.
• Self-serve: no IT team or support ticket required

Some providers charge extra for this protection, but Kinsta includes Bot Protection on every plan.

“Customers are telling us that their analytics look fine, but their server costs keep climbing,” said Roger Williams, community manager at Kinsta. “Bot traffic was driving it, and they had no good way to act without calling support or paying for another tool. Bot Protection puts that control directly in MyKinsta.”