If baidu is coming from all over it’s not baidu, they’re spam bots – harvesters spoofing baidu.
Baidu used to run on 119.63.192.0 – 119.63.199.255 – not sure if those IPs are still valid.
1. Try this on top of htacess, before WP rewrite:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.net$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.net$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ – [F,NC]
SetEnvIfNoCase User-Agent “^baiduspider” bad_bot
<Limit GET POST>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</Limit>
2. Or this on top:
SetEnvIfNoCase User-agent “Baidu” spammer=yes
SetEnvIfNoCase User-agent “semalt” spammer=yes
<Limit GET POST>
order deny,allow
deny from env=spammer
</Limit>
3. Robots.txt file should be in EVERY WordPress root folder:
#Baidu
User-agent: Baiduspider
Disallow: /
#Semalt
User-agent: semaltspider
Disallow: /
4. The only method that’s consistently effective is blocking IPs.
PM your email and I’ll send our block-China list. There’s nothing to lose by trying it unless the owner wants traffic from China. If that doesn’t stop it, most likely they’re harvester bots spoofing baidu.