WordPress plugin security

  • Resolved idnr1

    (@rm04)


    3 years, 3 months ago

    Hello,

    In the log files everyone can see that there are many attempts being made to see if a file exist in the /wp-content/plugins/* folders.
    Is there another / better way to check which connections are guessed and which are actual files.

    The reason im asking since many java script files reside in those plugin folders.

    After updates the file (versions) change pretty often.
    Instead of re scanning the site and catch all the links to exclude them i wonder if there is an easier way to accomplish this?

    Thanks in advance for any suggestions

    • This topic was modified 3 years, 3 months ago by Jan Dembowski. Reason: Moved to Fixing WordPress, this is not an Developing with WordPress topic

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    If the log shows a 404 status, then the file does not exist. Getting probed for vulnerable (or potentially vulnerable) files is a fact of internet life. There’s nothing for you to exclude.

    Thread Starter idnr1

    (@rm04)

    That fact of an internet life is what i’m fighting against, saying that there is nothing to exclude/filter only shows your capabilities and is not rlly an answer to my question.

    To catch unwanted traffic u need to be able to determine if something is a guess or if something is generated by the code u use now or in the past.

    So yes there is a lot to exclude/filter from the /wp-content/plugins/* folders.

    Basically everything that connects to /wp-content/plugins/* and that is not created by the code u use is unwanted traffic and should be blocked!

    But ill figure it out myself, was just hoping there would be more support on this question then just saying u gotta deal with it……

    kind regards

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    There’s no “filter” to block 404s. You can block some malicicous traffic with a plugin like WordFence, though I strongly suggest you do not choose to have it email you with every intrusion/probe attempt because there will be a lot of them.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘WordPress plugin security’ is closed to new replies.