Robots.txt for WordPress: The Complete Guide

You install WordPress, publish a few posts, and never think about robots.txt again — because WordPress quietly creates one for you. That's fine, right up until a plugin conflict, a migration, or a "just Disallow everything" tutorial leaves a broken rule sitting at yoursite.com/robots.txt, silently telling Google to stop crawling parts of your site you actually wanted indexed.

Robots.txt is one of the smallest files on your server and one of the easiest to get wrong on WordPress specifically, because WordPress's own default behavior doesn't always match what a plugin, a theme, or a copy-pasted rule set expects.

Quick Answer

WordPress generates a default virtual robots.txt automatically, but you can override it with a real file through an SEO plugin's editor (Yoast, RankMath) or by uploading one via FTP to the root directory. A safe WordPress robots.txt disallows /wp-admin/ while explicitly allowing admin-ajax.php, references your sitemap, and avoids blocking /wp-content/ entirely since it usually contains theme and image assets Google needs to render pages properly.

What is robots.txt for WordPress?

Robots.txt is a plain-text file at the root of a domain that tells search engine crawlers which parts of a site they're allowed to request. On WordPress, there's an added wrinkle: the platform creates a "virtual" version of this file even when nothing exists on disk.

The practical implication: on WordPress, "editing robots.txt" almost always means going through a plugin setting or a generator tool, not manually creating a file from scratch.

Why this matters for WordPress sites

WordPress's plugin ecosystem and predictable folder structure make robots.txt both more useful and more prone to accidental damage than on a hand-built site:

Quick stat: A large share of WordPress "site disappeared from Google" support threads trace back to a single misplaced rule in robots.txt, usually carried over from a staging site during migration, not from a deliberate SEO decision.

Step-by-step: setting up robots.txt in WordPress

  1. Check what's currently live. Visit yoursite.com/robots.txt in a browser to see whether WordPress's virtual default is showing or a real file already exists.
  2. Decide whether the default is enough. A small blog or brochure site with no unusual folder structure often doesn't need any changes beyond what WordPress already generates.
  3. Open your SEO plugin's file editor. In Yoast SEO, go to Tools → File Editor; in RankMath, go to General Settings → Edit robots.txt. Either creates the physical file for you.
  4. Or generate the file with a robots.txt tool. A generator lets you tick which folders to block, add crawl-delay or sitemap rules, and produces the complete file text without needing to remember the exact syntax.
  5. Add the essentials. Disallow: /wp-admin/, Allow: /wp-admin/admin-ajax.php, and a Sitemap: line pointing to your XML sitemap cover the vast majority of WordPress sites' needs.
  6. Avoid blocking /wp-content/ wholesale. That folder holds theme CSS, JavaScript, and uploaded images — blocking it can stop Google from rendering pages correctly, which can hurt rankings.
  7. Save, then verify with Search Console. Use the robots.txt report or URL Inspection tool in Google Search Console to confirm the live file parses correctly and behaves as expected on real URLs.

    # A typical safe baseline for a WordPress site
    User-agent: *
    Disallow: /wp-admin/
    Allow: /wp-admin/admin-ajax.php
    Disallow: /wp-login.php
    Disallow: /?s=
    Sitemap: https://yoursite.com/sitemap_index.xml

Common mistakes on WordPress robots.txt

1. Migrating a staging site's "block everything" rule to production

Disallow: / is a common way to keep a staging environment out of search results, but it's also the single most common cause of a real WordPress site being invisible to Google when the file gets copied over during launch without being edited back.

2. Blocking /wp-content/ or /wp-includes/ entirely

These folders hold CSS, JavaScript, and images that Google needs to render a page the way a visitor sees it — blocking them wholesale can make pages look broken to Google even though they display fine in a browser.

3. Disallowing admin-ajax.php along with the rest of /wp-admin/

A blanket Disallow: /wp-admin/ without an accompanying Allow: /wp-admin/admin-ajax.php rule can interfere with front-end features — like load-more buttons or search suggestions — that rely on that file being reachable.

4. Using robots.txt to try to remove a page from Google

Disallowing a URL stops future crawling, but a URL already indexed and linked elsewhere can keep appearing in search results with no snippet. A noindex meta tag handles removal — and robots.txt actually blocks Google from ever seeing that tag if the page is disallowed.

Pro tip: Before deploying any robots.txt change, test it in Google Search Console's robots.txt report first. Catching a bad rule there costs nothing; catching it after a week of lost crawling can cost real rankings.
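
A pre-deployment check for the mistakes listed above, added here as an example (it is not code from the article, WordPress, or any plugin). The function names, probe paths and sample files are constructed for illustration; rule precedence follows the longest-match behaviour of RFC 9309.

```python
import re

def parse(text):
    """Return (rules per user-agent, sitemap URLs) from robots.txt text."""
    groups, sitemaps, agents, in_rules = {}, [], [], False
    for raw in text.splitlines():
        field, _, value = raw.split("#", 1)[0].partition(":")  # drop comments
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if in_rules:                # a rule line closed the previous group
                agents, in_rules = [], False
            agents.append(value.lower())
            groups.setdefault(value.lower(), [])
        elif field in ("allow", "disallow"):
            in_rules = True
            for agent in agents:
                groups[agent].append((field, value))
        elif field == "sitemap":
            sitemaps.append(value)
    return groups, sitemaps

def is_allowed(rules, path):
    """RFC 9309: longest match wins, Allow wins ties; '*' and '$' supported."""
    verdict, best = "allow", 0
    for directive, pattern in rules:
        body = ".*".join(re.escape(p) for p in pattern.rstrip("$").split("*"))
        regex = body + ("$" if pattern.endswith("$") else "")
        if pattern and re.match(regex, path):   # empty pattern blocks nothing
            if len(pattern) > best or (len(pattern) == best and directive == "allow"):
                verdict, best = directive, len(pattern)
    return verdict == "allow"

def lint_robots(text):
    """Flag the WordPress mistakes described above in the '*' group."""
    groups, sitemaps = parse(text)
    checks = [("/", "site root disallowed (staging rule left in place?)"),
              ("/wp-content/themes/t/style.css", "theme assets blocked"),
              ("/wp-includes/js/a.js", "core scripts blocked"),
              ("/wp-admin/admin-ajax.php", "admin-ajax.php blocked")]
    findings = [m for p, m in checks if not is_allowed(groups.get("*", []), p)]
    return findings + ([] if sitemaps else ["no Sitemap: line"])

# Constructed samples: the article's baseline and a leftover staging file
BASELINE = ("User-agent: *\nDisallow: /wp-admin/\nAllow: /wp-admin/admin-ajax.php\n"
            "Disallow: /wp-login.php\nDisallow: /?s=\n"
            "Sitemap: https://yoursite.com/sitemap_index.xml\n")
STAGING = "User-agent: *\nDisallow: /\n"
print(lint_robots(BASELINE), lint_robots(STAGING))
```

Run it against the file you are about to deploy (for example in a launch checklist or CI step) and treat a non-empty list as a failure.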

Real-world examples

How different types of WordPress sites typically adjust their robots.txt beyond the default:

Personal blog (minimal changes, default + sitemap)
Keeps WordPress's default rules and just adds a Sitemap: line pointing to the Yoast or RankMath sitemap URL.

WooCommerce store (cart and checkout blocked, crawl budget saved)
Adds Disallow rules for /cart/, /checkout/, and /my-account/ so crawlers spend time on product and category pages instead.

Membership site (gated content folders, private areas excluded)
Blocks login-protected content directories from crawling, while keeping the public marketing pages fully open.

Large content site (search and filter URLs blocked, duplicate URLs reduced)
Disallows internal search results and faceted filter parameters like ?s= and ?filter= to avoid near-duplicate URL crawling.

None of these setups require touching PHP or core WordPress files — every change happens inside a plugin editor or a generated text file.

Ways to manage robots.txt in WordPress compared

The main routes for controlling robots.txt on a WordPress install, and where each one fits best.

Method | Setup effort | Control level | Best for
WordPress default (virtual file) | None, automatic | Very limited | Small sites with no special crawl needs
SEO plugin editor (Yoast / RankMath) | Low, built into dashboard | Good for most cases | Most WordPress site owners
Standalone robots.txt generator | Low, form-based | Full custom rule sets | Stores, large sites, multisite setups
Manual FTP upload | High, requires server access | Fully custom | Developers managing multiple environments

Generate your WordPress robots.txt right now — free

The Rebrixe Robots.txt Generator builds a clean, WordPress-ready robots.txt file — proper wp-admin handling, sitemap reference, and optional rules for stores and search pages. No account, no server access needed, just copy the result into your plugin's editor.


Frequently asked questions

Yes. WordPress generates a virtual robots.txt file automatically at yoursite.com/robots.txt even if no physical file exists on the server. It contains basic default rules, and it disappears the moment a real robots.txt file is uploaded to the root directory.
It must sit in the root directory of the domain, accessible at yoursite.com/robots.txt, not inside /wp-content/ or any subfolder. A file placed anywhere else is simply ignored by crawlers.
Yes. SEO plugins like Yoast SEO and RankMath include a built-in robots.txt editor in their dashboard, and a robots.txt generator tool can produce the full file for you to paste in through that same editor.
Disallow: /wp-admin/ is standard and recommended, but it should be paired with an Allow: /wp-admin/admin-ajax.php rule, since some front-end functionality relies on that file being reachable by crawlers and other tools.
Not reliably. Disallow only stops crawling, not indexing — a blocked URL that's linked elsewhere can still appear in search results without a description. Removing a page from the index requires a noindex tag, which robots.txt actually prevents Google from ever seeing.
The core rules stay the same, but these sites often add extra Disallow lines for cart, checkout, and account pages, since crawling those adds no SEO value and can waste crawl budget on stores with large catalogs.
Visit yoursite.com/robots.txt directly in a browser to confirm the file loads, then use Google Search Console's robots.txt report or the URL Inspection tool to see how Googlebot interprets each rule.
