You can’t protect what you can’t see. And right now, your standard analytics tool is actively hiding AI bot traffic from you.
Google Analytics, Plausible, Fathom — every major analytics platform filters out known bots. That’s good for getting accurate visitor counts, but it means you have zero visibility into the AI crawlers visiting your site. You don’t know which bots are coming, how often they visit, which pages they’re targeting, or whether they’re respecting your robots.txt.
The Visibility Problem
Here’s what most WordPress site owners don’t realize: AI bots are visiting their sites regularly, often multiple times per day. GPTBot, ClaudeBot, Bytespider, Amazonbot, PerplexityBot — there are over 60 distinct AI bot user agents active in 2026, and the list keeps growing.
Without dedicated bot tracking, you’re making decisions in the dark:
- Should you block all AI crawlers or allow some?
- Which bots are respecting your robots.txt and which are ignoring it?
- Are AI crawlers consuming a meaningful amount of your bandwidth?
- Which pages are they most interested in?
- Are any bots crawling at rates that could affect your site’s performance?
You can’t answer any of these questions with standard analytics.
What AI Bot Tracking Reveals
Dedicated AI bot tracking gives you a different picture than what Google Analytics shows. Here’s what it looks like in practice.
Bot Identity and Frequency
You’ll see every distinct AI bot that visits your site, identified by its user-agent string. For each bot, you get total visits, first and last seen dates, and visit frequency. Most WordPress sites discover 5–15 different AI bots within the first week of tracking.
Page-Level Targeting
Which pages are AI bots most interested in? Often it’s not what you’d expect. Blog posts with long-form content tend to attract more AI crawler attention than short product pages. Category archives and sitemaps are also heavily crawled as bots use them to discover new content.
Honeypot Hits
With honeypot detection enabled, you can see which bots follow hidden links — proving they’re crawling beyond what robots.txt-respecting behavior would allow. This is the clearest signal that a bot is ignoring your access controls.
Response Breakdown
On paid tiers, you can see how many bot requests were logged, blocked, tarpitted, rate-limited, or served decoy content. This tells you whether your response strategies are being triggered and how often.
Setting Up AI Bot Tracking on WordPress
AI Bot Tracker is a free WordPress plugin that makes all of this visible. Setup takes about 30 seconds:
- Go to Plugins → Add New in your WordPress admin
- Search for “AI Bot Tracker”
- Click Install Now, then Activate
That’s it. No API keys, no account creation, no external service. The plugin starts detecting and logging AI bot visits immediately. Within 24–48 hours, your dashboard will show which bots have visited, how many times, and which pages they crawled.
Reading Your Dashboard
The AI Bot Tracker dashboard is organized around four key metrics:
- Total Bot Visits — the total number of AI bot requests in your selected time period
- Unique Bots — how many distinct AI bot user agents have been detected
- Honeypot Hits — bots that followed the hidden honeypot link (these are ignoring your access controls)
- Blocked Visits — requests that received a non-standard response (Protect tier and above)
Below the summary cards, a pie chart shows the distribution of visits by bot, and a bar chart shows daily activity trends. The detailed visits log table lets you drill into individual requests.
What to Do With the Data
Once you have visibility, you can make informed decisions:
If most bots are respecting robots.txt and traffic is low: Your current setup is probably fine. Keep monitoring and check back periodically.
If specific bots are hitting your honeypot: These crawlers are ignoring your access controls. Consider upgrading to the Protect tier to block or tarpit them.
If crawl volume is high and consuming bandwidth: Look at the per-bot breakdown. You may want to block the heaviest crawlers while allowing others.
If you see unknown user agents: Bots that don’t match any known AI crawler signature but hit your honeypot are likely scrapers in disguise. Auto-blocking handles these automatically on paid tiers.
The key insight is that different bots deserve different responses. You might want to allow ClaudeBot (because you value being cited by Claude) while blocking Bytespider (because you don’t want your content in ByteDance’s training data). Bot tracking gives you the information you need to make these decisions per-bot rather than applying a blanket block.
From Tracking to Action
Visibility is the foundation, but the goal is informed control. Once you have tracking data, you can build a layered defense:
- Set your policy — decide which bots to allow and which to block based on your tracking data. Update your robots.txt and consider implementing ai.txt and llms.txt for more granular AI-specific policies.
- Choose response strategies — for bots you want to block, pick the right approach: block, tarpit, shadowban, or serve decoy content. Each strategy has different tradeoffs depending on the bot’s behavior.
- Enable honeypot detection — catch disguised crawlers that hide behind standard browser user-agents. These are invisible to user-agent tracking and can only be detected behaviorally.
- Monitor bandwidth impact — measure how much bandwidth each bot consumes, especially on content-heavy sites where aggressive crawlers can compete with real visitors for server resources.
For a complete walkthrough of all available bot control methods, see our guide to managing AI crawlers on WordPress. The full dashboard documentation covers every feature in detail.