Cloudflare blocks a request from this plugin almost every second

Hello @towytowy ,

Thanks for your report.

hicitypods.com has nothing to do with Gateway for Wise on WooCommerce. Our plugin is completely passive and doesn’t ping nor use any site whatsoever. Essentially, it just publishes a list of Wise accounts for your customer to pay their checkout amount to. Nothing more, nothing less. No API’s, no connection to 3rd-parties. As simple as that.

That said, the screenshot seems to be from activity originating from https://hicitypods.com and trying to “feel” a path in your website that happens to be from our plugin. To confirm, please look at similar activity to other parts of your website. Cloudflare’s firewall should be filtering all such kind of stuff automatically anyway.

If you haven’t already, would suggest to also setup an established security plugin like Sucuri, Wordfence, etc. I personally like a less-known one named Pareto Security for being less resource-intensive, but don’t take my word for it and do your due diligence.

Additionally, from time to time would suggest to scan your site for malware with something like gotmls.

HTH.

Thanks for your quick answer.

That is odd, Cloudflare only filters the one with the path for the Wise plugin. The only other thing I can find is my cron job that get’s filtered as well, but that is far less frequent as with the Wise plugin. I’ll try to run a malware scan, thanks for the tip!

I used to use Wordfence but deleted it cause it ate too much CPU ?? I might check out Pareto Security out.

So I temporarily deleted the Wise gateway today and the pinging stopped. I believe you when you say that the plugin itself isn’t doing the pinging. But I’d really like to know what is then, and if it’s critical or not.

Thanks,
Towy

Hi Towy,

If you hit Cloudflare > [yourdomain.com] > Firewall > Firewall Rules

It says:

Firewall Rules
Control incoming traffic to your zone by filtering requests based on location, IP address, user agent, URI, and more.

That means the traffic you’re seeing is originating from outside your website. So you’re being specifically targeted by intruders/bots for whatever reason. I don’t know why hicitypods.com would be interested in specifically targeting the Wise plugin though.

Anyway, I’ve this rule enabled to protect the plugins directory against foreign attacks:

(http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains "/wp-admin/theme-editor.php")

Action = Block

If you also keep your origin’s security tight enough with something like Pareto Security, and from time to time check for other malicious intrusions with something like gotmls, I wouldn’t sweat for this issue anymore.

HTH.

Okay makes sense, the only thing I still find eerie is that the server that the requests are coming from is Hetzner, which is the provider I use, and every time I disable the plugin it stops.

Thanks for the firewall rule, I will use that.

It probably stops because it isn’t a valid path anymore (404)

Hi there, great plugin! I’m having this same issue. So many requests in my access log like this:
GET /wp-content/plugins/wc-wise-gateway/ HTTP/1.0 403

I have no cloudflare and the source IP is my own server. It means requests are going out from my own wordpress app, maybe jetpack maybe something else I don’t know but when I turn the plugin off, it just stops.

Hope you can help, this topic seems resolved so maybe I open a new one?

I’m still having the issue, I’d love to see an official fix sometime.
Alyabee’s comment confirmed my suspicion, it is coming from the origin server itself.

Hello guys, thanks for reporting!

I reviewed the code and think found the culprit of such behavior. I’ve just pushed v2.1.3 that should address the issue you’re having. Please report back how it goes.

It seems resolved to me, thanks. I hope we did not rush and break some functionality.

Awesome! Thank you for the quick fix ??

Glad to hear. I’m closing this ticket for now. Please report back if you may find any other issues.