Forum Moderators: DixonJones


After installing Hotjar, a whole lot of crap traffic

How to stop it?

         

Zippy1970

10:02 am on May 20, 2024 (gmt 0)

10+ Year Member Top Contributors Of The Month



I have a (test) website with 0 visitors, which is exactly what I want because I use the site as a test ground for my other sites. The site only gets the occasional visit by the bots from Google, but that's it. My robots.txt has excluded everything on the site, so it doesn't show up in online searches.

As I'm thinking of using Hotjar on one of my sites, I installed the WordPress plugin on my test website and verified it through the Hotjar website. In my log files, I can see the traffic from the Hotjar site, but much to my surprise I also saw a crap load of other traffic. This traffic comes from all over the world: the United States, Turkey, Netherlands, China, Hong Kong, France, Japan, etc... Most of it is malicious, trying to find backdoors or vulnerable modules. Others are trying to index the sites. This immediately makes the site useless for my testing purposes. And like I said, this started the second after I had installed Hotjar.

Some of the User Agents that are sent are unusual too. "https://about.censys.io/", "Go-http-client/1.1", "python-requests/2.31.0", "Apache-HttpClient/5.1.4 (Java/11.0.18)", etc.

Anyone else using Hotjar and experienced this? I thought Hotjar was benign, but it looks quite malicious now.

not2easy

11:48 am on May 20, 2024 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Were you checking your logs prior to installing Hotjar? Most sites get that kind of unwanted traffic on a regular basis. We have decades of discussions on how to keep them out, here: [webmasterworld.com...]

Zippy1970

12:12 pm on May 20, 2024 (gmt 0)

10+ Year Member Top Contributors Of The Month



Yes. I check traffic on that site at least 30 times a day (no kidding) due to all the testing I do. Also, my logs go back to 2022. No traffic at all besides my own and the Google bot. Then literally from the second I installed Hotjar - boom. All this crap traffic.

not2easy

12:45 pm on May 20, 2024 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Have you looked at other, similar WP tools like Clarity from MS? It was discussed here: [webmasterworld.com...]

Zippy1970

10:42 am on May 21, 2024 (gmt 0)

10+ Year Member Top Contributors Of The Month



Not yet, and in all honesty, I'm a bit weary trying other similar tools now.

Hotjar either has a leak, or it's actively selling (my) information to third parties. And malicious parties at that.

Zippy1970

6:37 am on May 24, 2024 (gmt 0)

10+ Year Member Top Contributors Of The Month



Well, thanks to Hotjar, I can no longer use my site for testing. My site is now being bombarded by malicious traffic...

engine

7:21 am on May 24, 2024 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Oh dear.

Assuming it was because of Hotjar and not some anomaly, what is going to happen when you remove Hotjar?

Zippy1970

8:53 am on May 24, 2024 (gmt 0)

10+ Year Member Top Contributors Of The Month



I'm 99.99% sure Hotjar was the cause because it literally started within seconds after installing Hotjar. And I don't think uninstalling Hotjar will make a difference because my website is apparently already on "some list".

Like I said, now I get a lot of malicious traffic looking for vulnerabilities. And brute force attacks too. Last night I saw thousands of log entries of a few different IPs trying to brute force WordPress login.
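
An added example, not part of any post in this thread: a small access-log triage script that counts hits from the automated user agents quoted above and lists IPs that repeatedly POST to the WordPress login page. It assumes the server writes Apache/nginx combined log format; the sample lines, the documentation-range IPs and the threshold of 5 are constructed for illustration.

```python
import re
from collections import Counter

# Combined log format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Lower-cased substrings of the user agents quoted in the thread.
SCANNER_UA_MARKERS = ("censys", "go-http-client", "python-requests", "apache-httpclient")

def analyze(lines, login_threshold=5):
    """Return scanner user-agent counts and IPs with many login POSTs."""
    ua_hits, login_posts, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1  # keep a count so malformed lines are not silently lost
            continue
        ua = m["ua"].lower()
        for marker in SCANNER_UA_MARKERS:
            if marker in ua:
                ua_hits[marker] += 1
                break
        # Ignore any query string when matching the login endpoint.
        if m["method"] == "POST" and m["path"].split("?", 1)[0] == "/wp-login.php":
            login_posts[m["ip"]] += 1
    brute = {ip: n for ip, n in login_posts.items() if n >= login_threshold}
    return {"scanner_ua_hits": dict(ua_hits), "brute_force_ips": brute, "unparsed": unparsed}

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    f'198.51.100.7 - - [24/May/2024:02:11:0{i} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"'
    for i in range(6)
] + [
    '192.0.2.10 - - [24/May/2024:02:12:00 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (compatible; +https://about.censys.io/)"',
    '203.0.113.5 - - [24/May/2024:02:12:05 +0000] "GET /.env HTTP/1.1" 404 0 "-" '
    '"python-requests/2.31.0"',
    '203.0.113.9 - - [24/May/2024:02:12:09 +0000] "GET /wp-content/plugins/ HTTP/1.1" '
    '403 0 "-" "Go-http-client/1.1"',
    '192.0.2.44 - - [24/May/2024:02:13:00 +0000] "POST /wp-login.php?x=1 HTTP/1.1" '
    '302 0 "-" "Mozilla/5.0"',
    'this line is not in combined log format',
]

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The IPs it reports can feed a rate limit or deny rule on the login page; the user-agent counts show how much of the traffic is self-identified scanners rather than browsers.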