Can we?

  • Resolved boionfire81

    (@boionfire81)


    3 months, 3 weeks ago

    My site is still small currently as it hasn’t launched yet (still uploading products). So I have been able to go through the live traffic logs one at a time ?? I have noticed a lot of attempts to urls such as //blog //feed //xmlrpc.

    Here’s my question, can we block all instances of // without blocking https:// or https:// redirects from login urls etc. Because as far as I know wordpress or any other plugins do not use // in a url.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @boionfire81,

    If Wordfence isn’t acting on these attempts, they may not be frequent enough to be affected by your Rate Limiting settings in addition to the intent it looks for behind a request anyway. If they started to be problematic, it’s likely Wordfence would act on your behalf with no manual management required.

    I have just tested that blocking //* in Immediately block IPs that access these URLs is effective at blocking a request to //blog or //xmlrpc etc. but does not affect regular paths on your site with single slashes. Wordfence won’t hit a false-positive on the http(s):// as all paths in this setting are relative – so happen after the …yoursite.com part of the address.

    If you start to notice legitimate visitors or plugins being blocked, you could specify the specific paths you frequently see attempted with double-slash instead of a wildcard.

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.