A discussion with friends and acquaintances made me think about AI bots and WordPress sites. They told me that Google, OpenAI, Anthropic and others run bots that crawl websites, partly for AI training, search, retrieval, or whatever else happens behind the scenes. They also said that allowing these bots might become important if you want your content to be mentioned, cited, or used in AI answers.

But from a normal WordPress site owner’s perspective, I see a basic problem:

How would I even know?

WordPress itself does not show me whether GPTBot, ClaudeBot, OAI-SearchBot, PerplexityBot or similar bots visited my site. Analytics usually shows human visitors and referral traffic, not raw crawler requests.

Many WordPress users also do not have easy access to raw server logs. And even if they do, they would still need to know which user agents belong to which AI crawlers and what those requests actually mean.

But the bigger question for me is this:

Even if I could see that an AI bot requested one of my URLs, how would I know whether my site was ever mentioned, cited, used as a source, or included in an AI answer?

With Google Search, we have Search Console.
With visitors, we have analytics.
With WordPress, we have plugins for almost everything.

But is there anything practical for AI crawler visibility or AI mentions?

Are WordPress site owners currently tracking this somehow, or are we basically blind unless we have server-log access and know how to interpret AI crawler requests?

The view count suggests people are at least curious, but the lack of concrete answers suggests the tracking side is still unclear.

[Update]

That makes me wonder how SEO people are supposed to measure this reliably. With classic search there is at least some kind of chain: crawling, indexing, rankings, impressions, clicks. With AI answers, I don’t see the same chain yet. If crawler visits, mentions, citations and referrals are all separate signals, how do we know what actually worked?

In my previous post, I asked why WordPress sites should allow AI crawlers when they create load, take content and send little traffic back:
https://www.reddit.com/r/Wordpress/comments/1sxvtqz/wordpress_sites_why_allow_ai_crawlers_if_they/

AI crawlers feed chatbots. AI companies make money. Publishers get two bad choices:
block them, or hope.

Are you already blocking - or just hoping?

Do you know how much they scrape?

Google is the hardest case: the AI purpose is masked behind normal Googlebot activity.

OpenAI and Anthropic are different. Their bot descriptions help, but are too vague for real selective blocking. Blocking only by bot name may even remove useful signals.

Would you want to decide by bot, URL and request intent - instead of blindly blocking whole crawler families?

Most WordPress traffic plugins give you a visitor view. But your server sees something else.

A lot of WordPress traffic is not clean human traffic. It can be crawlers, bots, scrapers, fake user agents, missing user agents, probe requests, AI crawlers, broken requests, suspicious paths, and other machine-driven noise.

Depending on the site and the measurement layer, this machine-driven request layer can become a surprisingly large part of what actually hits your server.

The problem is: many traffic plugins are built around the idea of counting visits. They are not built to help you inspect the suspicious layer.

That is why I built STV - Suspicious Traffic Viewer.

STV does not try to be another analytics dashboard. It does not replace server logs, a WAF, Cloudflare, or Wordfence. It also does not block anything.

Its purpose is simpler:

Make suspicious, bot-like, crawler-like, masked, and not-human-like WordPress traffic easier to see.

It focuses on things such as:

• missing or unusual user agents
• known bots and AI crawlers
• suspicious request paths
• non-200 responses
• requests that do not look like ordinary human pageviews
• traffic patterns that normal visitor analytics usually do not explain well

The plugin is currently available as a public GitHub release while the WordPress.org submission is still pending review.

GitHub:
https://github.com/LiteCache/litecache-stv

Important: download the installable plugin ZIP from the Releases section, not from GitHub’s “Code > Download ZIP” button.

I’ve been working on a small WordPress plugin called LiteCache STV - Suspicious Traffic Viewer.

The idea behind it is simple: most traffic plugins try to count visitors. STV tries to classify the request layer that is easy to miss - suspicious requests, masked traffic, known bots, AI crawlers, missing or unusual user agents, non-200 responses, and traffic that does not look clearly human-like.

It is not a realtime analytics dashboard, not a WAF, and not a replacement for server logs. It is more of an inspection tool for the suspicious/not-human-like layer that often gets buried inside normal-looking traffic.

The first public GitHub release is now available:
https://github.com/LiteCache/litecache-stv

Feedback from people who actually look at access logs, bot traffic, crawlers, or suspicious WordPress requests would be very welcome.

In my previous post, I asked why WordPress sites should allow AI crawlers when they create load, take content and send little traffic back:

https://www.reddit.com/r/Wordpress/comments/1sxvtqz/wordpress_sites_why_allow_ai_crawlers_if_they/

AI crawlers feed chatbots. AI companies make money. Publishers get two bad choices:
block them, or hope.

Are you already blocking - or just hoping?

Do you know how much they scrape?

Google is the hardest case: the AI purpose is masked behind normal Googlebot activity.

OpenAI and Anthropic are different. Their bot descriptions help, but are too vague for real selective blocking. Blocking only by bot name may even remove useful signals.

Would you want to decide by bot, URL and request intent - instead of blindly blocking whole crawler families?

A discussion with friends drew my attention to a specific topic: they told me that the majority of traffic is generated by bots or by disguised, machine-driven requests that cannot be detected by GA4, Matomo, or other traffic analysis tools. Is there a WordPress plugin that can make such "suspicious" traffic visible?

To clarify: by “suspicious” I don’t necessarily mean malicious or security-related traffic or bad bots.

I mean requests that may look technically normal, but do not behave like real human visitors. Wordfence can show and flag security-relevant traffic, but I’m interested in the layer between raw server logs and security alerts: requests that are invisible to GA4/Matomo and need behavioral context.