Bot constantly probing for vulnerable code

Hi there,
How can I stop bots from constantly scanning/probing my WordPress website for vulnerable code?
I have installed WP-Cerber, have a firewall and tried to block these bots with my htaccess… :unamused:
Tricky bots are changing IPs, country IDs, scanned filenames…

1 Like

I have the same question. I see bots attempting to probe for vulnerable code. Is it possible to block these bot IPs immediately after a single attempt or after a configurable number of attempts (e.g. 3)?

1 Like

Are we the only ones who have bots scanning our WordPress websites for vulnerabilities?

Obfuscation to Protect a WordPress Site: Understanding the Basics

Obfuscation is a crucial method to protect a website from automated scans and attacks. It involves hiding or transforming sensitive information to make it difficult to identify the technologies used on a site. This includes several techniques:

  1. Hiding Version Information: WordPress often exposes sensitive information, such as version numbers of scripts, styles, and even the CMS itself. This data allows robots to quickly identify vulnerabilities related to a specific version. Obfuscating or altering this information makes it inaccessible to attackers.
  2. CMS Simulation: Another tactic is to simulate another CMS (such as Drupal, Joomla, or Wix) instead of WordPress. This prevents robots and scanners from applying predefined rules designed to exploit known vulnerabilities in WordPress. By rewriting URLs and masking the typical WordPress signatures, a robot will encounter a site it doesn’t recognize, complicating detection.
  3. URL Rewriting and Path Modification: Strategically modifying URLs, such as hiding wp-admin or wp-includes directories, and renaming critical files, is a common obfuscation technique. This ensures that even a scanner querying the site won’t find the usual paths associated with WordPress.
  4. Securing HTTP Headers and Server Responses: Many details about the server, such as the CMS type or even the plugins installed, are sent in the HTTP headers. By modifying, removing, or masking these headers, we prevent scanners from easily accessing this information.
  5. Protection Against Direct Access to Sensitive Files: Blocking access to critical files like wp-config.php, readme.html, and others prevents direct reading of these files, which may contain valuable information for an attacker.

The idea behind obfuscation is to transform the external perception of your site, making its true technology and architecture invisible or difficult to identify. Even if a robot scans the site, it will be faced with an illusion: the CMS, technologies, and access paths will be different from what is expected, making any attack attempt more complex.

Obfuscation is a crucial part of a WordPress site’s security strategy, and when done right, it renders automated scans practically useless because the site is hidden behind a facade that misleads attackers.

To do that, one must learn the fundamentals of server technology, manage allowed PHP extensions, and understand the use of .htaccess for Apache or LiteSpeed, mod_rewrite, etc.

The files you show in the logs, and this applies to everyone, are being targeted. Have you implemented protections at the .htaccess level to prevent any reading or displaying of the permissions of your hosting? If you’re being bombarded by a bot, tell yourself that it has found the base of what it’s looking for. Otherwise, after 700 or 800 requests, when its routine phase 1 is finished, it will leave and not return, or at least not right away. Haha. :alien::grin:
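As an added example (not code from this thread or from WP-Cerber), here is a small Python script that does what the second post asks for: it counts probes per source IP over Apache/LiteSpeed combined-format access log lines, lists the addresses that reach a configurable threshold, and renders an Apache 2.4 deny block for .htaccess. The log lines, addresses and plugin name are constructed; treating requests for the files named above (wp-config.php, readme.html) and 404s under the WordPress code directories as probes is my assumption, and the allowlist exists so a typo in your own browser cannot lock you out.

```python
import re
from collections import defaultdict

# Combined log format as written by Apache/LiteSpeed (assumption: the site uses it).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Files named in the thread as scanner targets, and directories where bots guess filenames.
SENSITIVE = re.compile(r'^/(wp-config\.php(\.bak|\.old|~)?|readme\.html)$')
CODE_DIRS = re.compile(r'^/(wp-includes|wp-content/plugins|wp-content/themes)/')

# Constructed sample log (TEST-NET addresses, made-up plugin name), not a real capture.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /readme.html HTTP/1.1" 200 7123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2024:13:55:37 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2024:13:55:38 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2024:13:56:01 +0000] "GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1" 200 89476 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2024:13:56:02 +0000] "GET /readme.html HTTP/1.1" 200 7123 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2024:13:57:00 +0000] "GET /wp-config.php HTTP/1.1" 403 199 "-" "curl/8.0"
"""

def is_probe(path, status):
    """A sensitive-file request, or a 404 for a guessed file under the code dirs."""
    path = path.split('?', 1)[0]          # ignore query strings
    if SENSITIVE.match(path):
        return True
    return status == 404 and CODE_DIRS.match(path) is not None

def find_offenders(lines, threshold=3, allowlist=()):
    """Return {ip: probe_count} for every IP with at least `threshold` probes.
    Addresses in `allowlist` (e.g. your own office IP) are never reported."""
    counts = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group('ip') in allowlist:
            continue
        if is_probe(m.group('path'), int(m.group('status'))):
            counts[m.group('ip')] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

def htaccess_deny_block(offenders):
    """Render offenders as an Apache 2.4 <RequireAll> block to paste into .htaccess."""
    out = ['<RequireAll>', '    Require all granted']
    out += [f'    Require not ip {ip}' for ip in sorted(offenders)]
    out.append('</RequireAll>')
    return '\n'.join(out)
```

Run it against your real access log (`find_offenders(open('access.log'))`) and review the list before pasting the block; a short ban window, re-evaluated from fresh logs, works better than a permanent list because the IPs rotate as the first post notes.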