Google Cross Scripting attack?

Hi @masterthehero, thanks for checking with this.

Requests from *.googleusercontent.com rather than *.googlebot.com, as stated in Google’s documentation are coming from a third party such as a site hosted on Google Cloud, for example. User content hosted by Google could be anyone, for any reason, with any type of intent.

It’s generally unnecessary to have a manual blocking regime as IPs are often reassigned, so management can be difficult to keep up with. Naturally as you’re getting so many requests and it’s attempting to run an onload script as part of the query string, I would certainly try a manual permanent ban on the IP from the Wordfence > Blocking page.

As Wordfence is an endpoint firewall, it can catch/restrict/block users using Brute Force or Rate Limiting settings after PHP loads but, when optimized, before the point your site tries to host content to them. Restrictions therefore are possible, but it can’t stop the requests from initially hitting your site, even if it ends up blocking them so you may still see Live Traffic mentions.

Just ensure your Rate Limiting rules already don’t limit Verified Google crawlers, and throttle instead of block. Throttling is generally better than blocking with crawlers because any good search engine understands what has happened if it is mistakenly blocked and your site isn’t penalized because of it: My Rate Limiting settings.

Thanks,
Peter.

Hi Peter,

Thank you for providing all these informative links. I’ve read through the material and implemented the recommended throttling changes. Really loving the simplicity of this plugin and plan to upgrade to premium once my budget is all squared away.

Thank you for taking the time to respond!

No worries at all @masterthehero, we’re always happy to help out with any queries and pleased to hear you’re happy with how things are going!

If you have further questions at any time, open up a new topic and we’ll do our best to answer fully.

Peter.