Auto Block Probing?

Viewing 2 replies - 1 through 2 (of 2 total)

  • Most of blocking that sort of thing has to be done by hand, you would enter that URL under “/options/immediately block IP’s that access these URLs:”

    You could shorten it something like this: /*/*/wp-e-*/license.txt

    I’ve found it’s best to test this by running under a VPN so you have a different IP, then browse to the blocked IP yourself and see if you get Wordfence blocked.

    This reminds me of another feature the Wordfence of the future should have, that of testing these blocks somehow, quickly.

    This kind of blocking can be super effective provided you’re getting a lot of scans for one attack vector. But doing it for each and every probe is whack-a-mole. Wordfence in my opinion should be running their own list that intercepts these probes. Perhaps they do, but a lot of them sure get through.

    To be fair, Wordfence probably blocks quite a few probes at their basic level, using their “Real-Time WordPress Security Network.” My understanding is that this sort of blocking is not reported to the Wordfence user when it occurs. Happy to be corrected.

    MTN

    Thread Starter jfkseo

    (@jfkseo)

    Yes,
    what is logical and should be is any direct request (probing)
    to like the obvious ones: https://www.website.com/wp-content/plugins/*
    – blocked immediately -. But I see so many requests going into – like a the plugin folder…. and requests for different plugins…. -and those could be 10’s of 10’s…
    Obviously try to find if you have any that can be hacked or use as backdoor…
    Any probing, to any wp section should be block at the attempt – and allowed to do 10’s and 10’s of probings. – creating a bunch of 404’s…
    Just makes no since.
    Fred

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Auto Block Probing?’ is closed to new replies.