Bot Detection
Bot detection identifies automated scripts and programs that visit your store to scrape content, prices, and product data.
Why Bot Detection?
Bots are automated programs that can:
- Scrape your entire catalog in minutes
- Monitor your prices to undercut you
- Copy your product data to competitor sites
- Steal your images at scale
- Overwhelm your store with requests
Unlike humans, bots can visit thousands of pages per hour, extracting everything.
How We Detect Bots
Store Shield uses multiple detection methods:
Browser Fingerprinting
Bots often run in unusual browser environments:
- Missing browser features that real browsers have
- Inconsistent reported capabilities
- Automated browser signatures (Selenium, Puppeteer)
Behavioral Analysis
Real humans browse differently than bots:
- Mouse movements (bots move in straight lines)
- Scroll patterns (bots scroll at perfect intervals)
- Page viewing time (bots are too fast)
- Click patterns (bots click programmatically)
Honeypot Traps
We place invisible elements on your pages:
- Hidden links that only bots "see" and click
- Invisible form fields that only bots fill
- Trap URLs that humans never visit
When bots interact with these, we catch them immediately.
Trap Links
Similar to honeypots, we create links that are:
- Hidden from human view with CSS
- Present in the HTML for bots to find
- Tracked when accessed
Detection Signals
When we detect a bot, we identify what type:
| Signal | What It Means | Confidence |
|---|---|---|
| Selenium | Automated browser tool | Very High |
| Headless | Browser without display | High |
| Puppeteer | Node.js automation | Very High |
| Honeypot | Clicked hidden element | Certain |
| Trap Link | Visited trap URL | Certain |
| Behavioral | Unusual mouse/scroll | Medium |
What Happens When Detected
When Store Shield detects a bot:
- Logged - The event appears in your dashboard
- Flagged - The visitor is marked as suspicious
- Counted - Added to your bot statistics
You can then choose to:
- Review the activity
- Block the IP address
- Ignore (for false positives)
Viewing Bot Activity
Analytics Dashboard
See your bot statistics:
- Total bot detections this period
- Trend over time
- Comparison to previous periods
Bot Detection Page
Detailed view showing:
- Recent detections with timestamps
- Bot types detected
- Source IPs and countries
- Pages targeted
Threat Intelligence
See patterns:
- Top IPs sending bots
- Most scraped pages
- Geographic distribution
Enabling Bot Detection
Bot detection requires a Starter plan or higher.
- Go to Bot Detection in the sidebar
- Toggle Enable Bot Detection
- Configure detection methods:
- ✅ Browser fingerprinting (recommended)
- ✅ Honeypot traps (recommended)
- ✅ Trap links (recommended)
- ⚠️ Behavioral analysis (can have false positives)
- Click Save
Handling Detected Bots
Option 1: Monitor Only
Just watch the activity. Useful for:
- Understanding your bot traffic
- Identifying scraping patterns
- Deciding if action is needed
Option 2: Block IPs
Add detected IPs to your block list:
- View the bot detection in the activity feed
- Click Block IP
- The IP is added to your IP blocking rules
Option 3: Block Countries
If most bots come from certain countries:
- Go to IP Blocking
- Add countries to the block list
- Those countries can't access your store
False Positives
Sometimes legitimate tools trigger detection:
Common False Positives
- SEO crawlers - Googlebot, Bingbot (we whitelist these)
- Accessibility tools - Screen readers
- Corporate networks - Automated security scans
Handling False Positives
If you see false positives:
- Check if the IP belongs to a known service
- Add legitimate IPs to your whitelist
- Reduce behavioral analysis sensitivity
Best Practices
Recommended Configuration
| Setting | Recommendation |
|---|---|
| Fingerprinting | ✅ Enable |
| Honeypot traps | ✅ Enable |
| Trap links | ✅ Enable |
| Behavioral analysis | ⚠️ Start disabled, enable if needed |
Review Regularly
- Check bot activity weekly
- Look for patterns (same IP, same time)
- Block persistent offenders
Don't Over-Block
- Some bot traffic is normal
- Blocking too aggressively can hurt SEO
- Focus on blocking actual scrapers
FAQ
Q: Will this block Google? A: No. We whitelist known search engine crawlers. Your SEO won't be affected.
Q: How accurate is detection? A: Honeypot and trap link detection is nearly 100% accurate. Fingerprinting is 95%+ accurate. Behavioral analysis is 80-90% accurate.
Q: Can sophisticated bots evade detection? A: Very sophisticated bots might evade some checks, but the combination of methods catches most. Honeypots and trap links are especially hard to evade.
Q: Does this slow down my store? A: No. Detection happens in the background and doesn't affect page load times.