Traffic going to woodcentral.com from Sep 19 - Oct 20
13 million requests
16,000 human visitors out of 13 million requests
21,000 unique pageviews
Requests count every resource hit (HTML, CSS, JS, images, etc.).
Pageviews count only main HTML documents loaded by browsers.
Older, long-established domains like woodcentral.com (registered in 1998) tend to accumulate massive amounts of automated traffic over the decades. Here’s why:
Why old domains attract bots
They appear on countless old link and crawl lists.
This site has likely been indexed, scraped, archived, and re-listed in thousands of databases, directories, and “site dumps” used by SEO tools, scanners, and bots since the early 2000s.Hackers and scanners target “legacy” domains.
Automated scripts constantly probe older domains for outdated CMSes, vulnerable scripts, old CGI or PHP forms, etc. Even though we've modernized our stack, bots don’t know that — they’re testing URLs like/wp-login.php
,
/cgi-bin/formmail.pl
just in case. Even several years after discontinuing the old forums, we continue to get probed by bots hundreds of thousands of times a day looking to hack their Perl scripts.
Search engine and AI scrapers are relentless.
Bots from AI companies, data aggregators, and search indexers crawl millions of sites daily. If a site is public and has lots of historical or user-generated content, it’s a goldmine for them.Referrer spam and analytics spam.
Some bots make fake visits just to get their URLs to appear in analytics or server logs.
Typical ratios
For older, content-rich sites, this traffic mix is common:
95–99% of total requests = bots/crawlers
1–5% = actual human visitors
So our stats of 16K human visitors are completely normal for a legacy domain with broad historical visibility. That’s roughly 0.1% human, 99.9% automated.
Can inexpensive "consumer" hosting handle this kind of traffic?
13 million requests in a reporting period (even if 99% are bots), that’s way beyond what popular shared hosting (GoDaddy, Bluehost, IONOS) could realistically handle.
Every request consumes CPU, RAM, and I/O.
Even lightweight PHP scripts or static file requests add up fast. Millions of hits per month can easily overwhelm the limited process and connection caps typical of $2–$10/month hosting.Shared hosts throttle or suspend “noisy” sites.
Hosts monitor CPU seconds, I/O, and bandwidth per account. A few bots hammering your site 24/7 can trip those limits — resulting in 503 errors or account suspension — even if your real traffic is light.Disk and bandwidth quotas are small.
13M requests could translate into hundreds of GB of bandwidth. Shared hosts often enforce soft caps or throttle speeds beyond certain limits.
How we handle this
We route all traffic through a Content Delivery Network (CDN) before it gets sent to our actual server. Some of the things a CDN can do are as follows:
Caches static assets (HTML, images, JS, CSS) globally, so most requests never hit our origin server.
Filters and blocks bad bots before they reach our host.
Rate limits abusive IPs and protects against DDoS automatically.
Serves stale content if your origin ever goes down — keeping uptime high.
Reduces bandwidth usage on our host dramatically (sometimes by >90%).
Using this and other techniques, our server resource usages is very low, and we consistently rate among fastest sites on the web in Lighthouse1 metrics and zero errors using Nu Hmtl Check.2
Good news
Good news is we are now getting lots of legitimate traffic from search engines. Previously, it was about zero, as most of the forum posts were archived and not available online, and almost all the pages didn't meet Google's requirements to be mobile friendly. Of "human traffic" on a typical day, it is about 20 returning visitors (those who have visited the site before, which would be those we affectionately call "old-timers") and about 300 new visitors which would be mostly those visiting a link from a search engine.
The little text ads you see are test ads; we don't have any actual paid advertisers at this time. But I'm monitoring the views and clicks of actual humans (not bots) and think we are now a good venue for advertising. But how do we "advertise" to potential advertisers to advertise here? Sort of a Catch-22.
__________
1. Lighthouse currently shows
`StorageType.persistent` is deprecated. Please use standardized `navigator.storage` instead. sd/main.js:1:6177(www.woodcentral.com)
This is generated by the CDN and outside our control. Deprecated means slated to be invalid but still works. The error will go away once the CDN updates its code.
2. Nu Html Check currently shows
Error: CSS: contain-intrinsic-size: Property contain-intrinsic-size doesn't exist.
This is a new valid CSS property, but the checker code has not been updated and flags it as an error.