/-/-/-/-/-/-/-/-/-/ requests

Hi @lhenning, thanks for getting in touch about this!

I’m not certain about whether other plugins also do this, but I do know the /-/-/-/-/-/-/-/-/-/-/ URL has been caused in the past by WPS Hide Login. If you don’t have that plugin installed, these occurrences in your Live Traffic may be random probing for certain URLs or plugins that aren’t happening often enough to trigger a rate limiting or brute force response from Wordfence.

Usually there is no need to implement a manual blocking regime unless you were receiving these hits so often they were causing your site to slow down. If you’re certain there would be no negative impact to you or your users attempting to log in from a hidden /wp-admin URL, you could state the path in Wordfence > All Options > Advanced Firewall Options > Immediately block IPs that access these URLs.

Thanks,
Peter.

We do have WPS hide login.

Does this cause the problem or when hackers can’t find wp-admin they go looking for it?

Hi @lhenning,

The hits you’re seeing look to be legitimate visits now that I know you have the plugin installed and they only happen in pairs. Random hits often do so without any knowledge of the platform or specific plugins you’re running in advance, so are more likely to miss than hit.

I’d no longer recommend immediately blocking that path though as WPS Hide Login changes the URL that PHP sees (which we use for Live Traffic) to 10 sets of -/ in a row, so it’s not malicious.

Thanks again,
Peter.