Thanks for your help frankmiao :)
I thought that I should insert something like that in every single php file but your suggestion would be easy to implement. However, I'm not sure that spam bots respect "disallow"... maybe I can hide everything in some way?