How To Protect Website From Scraping

How To Protect Website From Scraping

Web content is the most important and primary aspect of online marketing. Content comes in various forms like audio, video, text single still graphics, to name a few. According to European Business Review, web scrapping is on the rise. With over half of the online traffic coming from bots and spiders, good bots account for about 23% of the said traffic. Therefore, businesses need to explore various ways of eliminating bad web scrapping bots to prevent content and data theft. Eliminating scrapping bots also helps eliminate their traffic which is detrimental during analysis and decision making.

Why should you worry about website scrapping?

It turns out that a lot could go wrong when a person or a bot attempts to scrape your website. Below are some issues that could arise.

Denial of Service (DoS)

If a person scrapping your website has no experience or is a newbie, they may launch a bot that performs many requests without pausing between them. This temporarily overwhelms the server leading to a denial of service.

Intellectual property and data theft

When bots scrape all your web content, they expose your proprietary and intellectual data to the possibility of misuse and theft. It can make your company incur losses from the scrapers and websites that perform price comparisons.

How to prevent the scrapping of a website

Regularly changing a website’s HTML DOM

Web scraping bots and scripts rely upon establishing patterns in the HTML mark-up and Document Object Model (DOM) of a website. They then use these patterns to find the correct information on your website’s HTML. By regularly altering the mark-up on your website, you can frustrate the scrapper to the point of giving up. Always ensure that the DOM and mark-up are thoroughly inconsistent. This need not be a full-blown website redesign; changes in the classes and IDs in the HTML, and its corresponding CSS are enough.

Implement CAPTCHA on your website

You may be familiar with what a CAPTCHA test is, and chances are, you have encountered one in the past. In full, CAPTCHA stands for Completely Automated Public Turing to tell Computers and Humans Apart. Its core purpose is to differentiate between bots and human users. The accepted rule is that a CAPTCHA should be easy enough for a human with average intelligence to answer while remaining hard for computers to solve. Although they can effectively put scraper bots away, implementing many CAPTCHAs on your website can be annoying. Unfortunately, bots are getting more intelligent and can mimic human behavior in voice and image recognition nowadays. Therefore, consider using more sophisticated CAPTCHAs. Do not include the solution to the CAPTCHA inside the HTML mark-up, as bots can scrape it.

Using honeypots to trap the scrapping bots

Honeypots refer to web pages that a human visitor would never visit, but a robot clicking through the website can accidentally stumble across it. You can disguise such pages to blend with the background of the web page or set it to display: none in CSS. By capturing the bot’s IP address, a honeypot can automatically revoke their access to your site. Add a setting in the robots.txt file that disallows access to the honeypot by legitimate. This allows legitimate bots like Googlebot to continue crawling the site without being trapped. A scrapping bot would disregard the prohibition and scrape all the content, including the dummy honeypot article.

Controlling and monitoring the traffic logs and patterns

Ensure that you pay close attention to traffic patterns and monitor traffic logs. An abnormal increase or decrease in bounce rates and spikes in using bandwidth are signs of bot activity. Therefore, you can block or limit the access. Below are some ways that you accomplish this.

  • Rate limiting: If there is an increase in login attempts and searches per second, it is advisable to limit the rate of such incoming requests. You can, for instance, pop a CAPTCHA when a user (Bot) completes actions quickly.
  • Look for unusual activities: Are there too many repeated requests from an IP address? Do you see an unusual number of searches from a user or an excessive checking of web pages? These are usually the signs of a web scraping bot activity. You should also keep a close look at the outbound traffic movements.
  • Go beyond monitoring the IP addresses: Website scrappers are nowadays more sophisticated. They can scatter their User Access across various IP addresses every second or minute. Therefore, you should also monitor signs like:
  1. The presence of headless browsers.
  2. Linear and non-linear movements of the mouse and the areas being clicked.
  3. The rate at which forms are filled (bots fill out forms quickly).
  4. Browser fingerprinting. This helps you collect information like the time zone, resolution, and size of the device. With this information, you can differentiate human users from bots.

Data Obfuscation

If you worry about bots stealing personal information, obfuscating it might be the best solution. This is common for service websites like health services websites that store confidential patient data. Data obfuscation additionally provides privacy to your content viewers and protects them from crimes like identity theft and account takeovers. By replacing the sensitive data on your website with one that looks like actual product information, malicious actors scrape irrelevant content.

Limiting access

While some websites allow full access to an article or information, this can have detrimental consequences when the scrapers steal the content stealthily. The web scrappers can copy the articles into their web pages and mark them as quality content. Unfortunately, this can reduce the original site’s SEO ranking. Therefore, limit the access to the article to a few paragraphs rather than granting full access. This reduces the chance of content scraping and pirating.

Block familiar scrapers

You can investigate common website scrapping bots through their IPs and block them in advance from your website. Since IP blocking is quite a technical task, you can enlist the help of an expert. Alternatively, install the WordPress plugin for blocking IPs.

Copyright proof

To prevent scrappers from using your content without your authorization, you can claim copyright to it. By doing this, any authorship to your content requires your permission. It helps the owners of websites use stamps and digital signatures to identify their content.


To stay ahead of the website scrapper, the webmaster must remain vigilant and monitor various web scrappers’ tactics to steal the content. By implementing several of the above measures, you prevent the website content from scrapping by malicious bots. A malicious actor with both resources and tenacity may bypass some of the above measures, but it is good to remain vigilant. Monitor the network traffic and the sources to ensure that they use your services per your intentions.

You May Also Like