Site being bombarded by visitors looking for non-existent URLs

I have a site that was hacked around 18th March – they injected some code into index.php in the root file. I cleaned that up and the site is free from whatever it was that had infected it.

However, since then, I can see in Wordfence that there are numerous numbers of ‘visitors’ on the site (from all over the world) attempting to access URLs that aren’t there. These are dodgy looking URLs to do with s*x with young girls, general pron, movies etc. The URLs definitely don’t exist on the site and never have as far as I know, so these visitors are getting error 404s. Visitors looking for such stuff also include Google and other search engines.

I’ve tried blocking, but they’re coming in thick and fast (ha, unintentionally that last bit somehow seems appropriate to the type of URLs they’re looking for!).

Does anyone know what these visitors are doing? If the URLs never existed, why does Google look for them? If they existed why didn’t I find them on the site?

Are these numerous visitors just trying to make search engines think the site is more popular than it is by bombarding it with visits that will show up to Google in Analytics (and then they can come back, hack the site again and get better ranking for their dodgy websites), or are they really looking for URLs that don’t ever seem to have existed? Maybe it was a hack attempt that didn’t work and the URLs couldn’t be put on the site?

Anyway, I can’t stop them as I’d be sat here all day trying, so I wonder if they will eventually get less if they’re getting 404s. There have been no other hacking attempts – well, not that I can find anyway, since the original one.

This is a real pain! What are these ‘visitors’ doing on the site? There are also quite a lot of attempts by various visitors to login, but none have succeeded.

Thoughts much appreciated.

https://www.ads-software.com/plugins/wordfence/