Discord has tightened its API policies significantly in 2024-2025. User-account bots ('self-bots') are now aggressively detected and permanently banned. Everything in this guide uses the official Discord Bot API and discord.js v14 — the only safe, sustainable approach.
Five Bot Types Every Growing Server Needs
- ▸Moderation bot: auto-timeout, word filter, raid protection, audit logging
- ▸Welcome & onboarding bot: DM new members, verification CAPTCHA, role assignment
- ▸NFT/Token gating bot: verify wallet holdings, grant tier-based roles automatically
- ▸Giveaway bot: fair random selection, custom entry requirements, anti-bot protection
- ▸Analytics bot: daily member count, weekly growth charts, retention metrics
Building a Moderation Bot with discord.js v14
const { Client, GatewayIntentBits, Events } = require('discord.js');
const client = new Client({
intents: [
GatewayIntentBits.Guilds,
GatewayIntentBits.GuildMessages,
GatewayIntentBits.MessageContent,
GatewayIntentBits.GuildMembers,
],
});
const BANNED_WORDS = ['spam', 'scam', 'phishing']; // extend as needed
client.on(Events.MessageCreate, async (message) => {
if (message.author.bot) return;
const lower = message.content.toLowerCase();
if (BANNED_WORDS.some(word => lower.includes(word))) {
await message.delete();
await message.member.timeout(5 * 60 * 1000, 'Banned word detected');
await message.channel.send(`⚠️ ${message.author} has been timed out.`);
}
});NFT Role Gating in 2025
Wallet-based role assignment is the most-requested Discord feature for crypto projects. Here's the production flow we use for clients.
- 1.User runs /verify in the bot channel
- 2.Bot generates a one-time link to your web verification page (expires in 10 minutes)
- 3.User connects wallet via RainbowKit or wagmi on the verification page
- 4.Backend checks NFT/token balance via Alchemy, QuickNode, or Moralis
- 5.Backend calls Discord REST API to assign role based on holdings tier
- 6.Role is re-validated on a 24-hour cron job — removed if holdings drop below threshold
Slash Commands vs. Legacy Prefix Commands
Discord deprecated message-based prefix commands (e.g. !ban, !kick) in 2022. All new bots must use Slash Commands via the Interactions API. Any bot still using prefix commands is running outdated architecture and will eventually stop working when Discord removes the Message Content intent for large bots.
Anti-Raid Protection
- ▸Auto-lock server if join rate exceeds 20 new users per minute (raid detection)
- ▸Require phone verification for new members during active raid alerts
- ▸Use Discord's built-in AutoMod rules for mention spam and suspicious link patterns
- ▸Whitelist verified bots explicitly in your moderation rules to avoid false positives
- ▸Set new member message rate limits: max 5 messages per 10 seconds for accounts under 7 days old
Hosting for 24/7 Uptime
Discord bots require continuous uptime — polling disconnects cause missed events and frustrated users. For bots serving under 10K members, Railway with auto-restart policies works well. For larger servers, deploy on a Hetzner CX21 VPS with PM2 for process management and automatic restart on crash. Always implement graceful shutdown to avoid losing in-flight interactions.