My server keeps getting requests several times per second, all accessing “/calendar/action~monthly” – are these legit, and if not, how do I stop them?

The requests come from lots of different IPs, and will vary the tag_ids, but here is an example:

> – – [01/Jul/2024:13:22:33 +0000] “GET /calendar/action~month/tag_ids~904,1165,925/request_format~json/ HTTP/1.1” 200 45588 “-” “mozilla/5.0 (linux; u; android 4.4; nexus_ 9 build/ktu84p)

Its bogging down my server. I am not great at Dev Ops stuff, so any advice on limiting this would be appreciated.

I am running wordpress 6.5.5 on Ubuntu 20.04

WordFence says they’re bots, but I’d rather solve this issue at one point on some kind of system level, rather than having to keep blocking individual IPs

  1. You should put Cloudflare out front of your site, that will cut down on some of the bots, and will also help take some load off.

  2. Agree with the Cloudflare recommendation. The AI scraping bots were completely out of control, but Cloudflare just released a free WAF Rule that allows you to block all known AI bots. My servers had a noticeable improvement in response time after I enabled this.


This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer