WordPress robots.txt Template for AI Crawlers

WordPress can serve a virtual robots.txt file even when no physical file exists. Add crawler-specific AI rules without blocking Googlebot, preserve the WordPress admin exception for admin-ajax.php, include the sitemap URL actually generated by your SEO setup, and verify the live root file.

WordPress site generating one managed robots.txt response with AI crawler rules, admin exception, and sitemap

Copy-paste robots.txt example

User-agent: GPTBot
Disallow: /

User-agent: ClaudeBot
Disallow: /

User-agent: CCBot
Disallow: /

User-agent: Google-Extended
Disallow: /

User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php

Sitemap: https://example.com/sitemap_index.xml

Start with a conservative WordPress template

This example blocks several training-oriented crawlers while preserving ordinary public crawling and WordPress’s standard administration exception:

User-agent: GPTBot
Disallow: /

User-agent: ClaudeBot
Disallow: /

User-agent: CCBot
Disallow: /

User-agent: Google-Extended
Disallow: /

User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php

Sitemap: https://example.com/sitemap_index.xml

Replace the sitemap address with the URL that actually exists on your site. WordPress core, an SEO plugin, or a custom sitemap system may use a different location such as /wp-sitemap.xml or /sitemap.xml.

Understand WordPress’s virtual robots.txt

WordPress core can generate robots.txt dynamically at the root URL. Its default public output includes a wildcard group that blocks /wp-admin/ while allowing /wp-admin/admin-ajax.php. The output can be changed through WordPress’s robots_txt filter, and many SEO plugins provide an editor that manages the same public response.

On common server configurations, a physical robots.txt file in the web root may be served before WordPress’s virtual response. Do not maintain competing versions without knowing which one the server returns. The only reliable source is the live file at https://your-domain.com/robots.txt.

Choose a safe editing method

  • SEO plugin editor: convenient when the plugin already manages robots.txt and the sitemap.
  • Small site or must-use plugin: use the robots_txt filter when rules should be versioned in code and survive theme changes.
  • Physical root file: appropriate when the web server is intentionally configured to serve it and the deployment process owns that file.

Avoid placing permanent robots.txt logic directly in a theme that may be replaced or updated. Also avoid copying a generic WordPress template over existing ecommerce, multilingual, membership, or staging rules without review.

Do not block useful WordPress resources blindly

Modern search engines need access to public CSS, JavaScript, images, and rendered pages. Broad blocks for /wp-content/, /wp-includes/, every query string, or every media file can interfere with rendering and diagnostics. Robots.txt is not a performance optimization for WordPress and does not secure plugin files, login endpoints, private media, or customer data.

Publish and verify

  1. Choose the exact AI agents that match your policy.
  2. Merge the rules with the WordPress output already used by the site.
  3. Open the root robots.txt URL and confirm the sitemap and WordPress paths.
  4. Test Googlebot and each blocked AI token with the checker.
  5. Clear page, plugin, server, and CDN caches if the public file still shows an older version.

FAQ

Why is there no robots.txt file in my WordPress folders?

WordPress can generate a virtual robots.txt response dynamically. Open /robots.txt on the live domain to see what crawlers actually receive.

Should I block wp-admin in robots.txt?

WordPress’s default public output blocks /wp-admin/ and allows /wp-admin/admin-ajax.php. This is a crawling preference, not security for the administration area.

Which WordPress sitemap URL should I use?

Use the URL that returns the live sitemap on your site. Common possibilities include /wp-sitemap.xml, /sitemap_index.xml, or /sitemap.xml, depending on the active setup.

Should I block wp-content or JavaScript files?

Usually not. Search engines may need public CSS, JavaScript, images, and other assets to render pages correctly. Block only paths with a clear crawler-related reason.

Why does my robots.txt change not appear immediately?

A plugin, server cache, CDN cache, physical root file, or virtual WordPress output may still be serving another version. Inspect the live response and clear the relevant cache layer.

Related tools

Related pages