3 Comments

  1. > i don’t have a wordpress website myself but am getting huge requests on /wp- routing

    > my logs is completely flooded with 404 from /wp-this and /wp-that

    This is pretty *normal* in a negative way. Bots routinely check sites for security vulnerabilities. One is to check if a site is made in WordPress, and requesting /wp-*** is the most common way.

    > how can i stop this?

    One way to minimize this (and not completely stop) is to temporarily (not permanently) ban IP addresses that do this (e.g., 15 minutes) so as not to affect legitimate users.

  2. We also get tons of those “hits”, but if you implemented all the necessary security measures, plus great firewall / antivirus tools / CDN (along with quality hosting) – then you did all that is in your power in order to protect websites and that’s all you can do.

  3. Easy solution is to just block /wp-.* using a server rule.

    NGINX for example:

    “`
    location ~ ^/wp-.* {
    deny all;
    }
    “`

    Clean logs!

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer