• Resolved njrfbzr

    (@njrfbzr)


    Can anyone recommend which URLs to block here? I was thinking of those below, but I don’t want to block legitimate users or WP functions. I want to protect everything that is possible to protect without diminishing viewer satisfaction or functionality. The site has no user registration, but commenting is allowed.

    /*unlockEmail
    /*.cpaneldcv
    /wp-config.php*
    /admin*
    /*plugin*
    /xmlrpc.php
    /login*
    /shell*
    /suspected*
    /mysql*
    /dump*
    /license*
    /js*
    /track*
    /*config*
    /*setup*
    /*.zip
    /utility*
    /modules*
Viewing 4 replies - 1 through 4 (of 4 total)
  • WF support will jump in here, but my understanding of the operation of that feature is that it only works on URLs that do not actually exist…

    So it won’t work on things like “wp-login.php”, “xmlrpc.php”, or “wp-config.php” – since all those files exist in a typical WP installation.

    Hi, this feature is a very important part of Wordfence and is underappreciated. Once you get it tuned and set for 48 hours of blocking or even longer, you can really keep a lot of criminals blocked from freely experimenting on your website that way. Below is my list; it could be cleaner, with better use of wildcards, but it gives you an idea of what a curated list might look like. I update it every few days. Fun to watch the criminals get shut down.

    
    /-----NOTE--remember-url-must-not-exist
    /-----NOTE--dots-periods-for-suffix-may-not-be-substituted-by-wildcard
    /wp-login
    /*/wp-login
    /blog/wp-login.php
    /*/wp-login.php
    /*/*/wp-login.php
    /wp-login.php*
    /login.html
    /login
    /author/*//wp-login.php
    /author/*/wp-login.php
    /author/*/wp-login.php*
    /*/*login=go%21&H=
    /*/*/*login=go%21&H=
    /administrator/*
    /administrator/index.php
    /administrator
    /administrator/
    /*/administrator/*
    /admin
    /admin/
    /admin.php
    /adminzone
    /*/node/add
    /node/add
    /*/*/ckeditor-for-wordpress/*
    /*/ckeditor-for-wordpress/*
    /*/*/thecartpress/*
    /*/thecartpress/*
    /data/wallet.dat
    /wp-content/*/*/a-a.css
    /a-a.css
    /wp-content/*/*/gallery-plugin.php
    /gallery-plugin.php
    /whitehat
    /plugins/lim4wp/editor_plugin.js
    /*/plugins/lim4wp/editor_plugin.js
    /xerte-online/logo.png
    /*/plugins/xerte-online/logo.png
    /user-photo/admin.css
    /*/plugins/user-photo/admin.css
    /*/mac-dock-gallery/bugslist.txt
    /*/*/mac-dock-gallery/bugslist.txt
    /*/*/*/destination.php
    /front-end-upload/destination.php
    /*/front-end-upload/destination.php
    /*/*/*/readme.txt
    /wp-tmp.php
    /license.php
    /*/license.php
    /license.php*
    /lic.php
    /gemb.php
    /nicesite.php
    /sample.php
    /security.php
    /tmp.php
    /wp-checking.php
    /-------place-all-wp-config-variations-below
    /wp-config
    /wp-config-sample.php
    /wp-config-sample.php~
    /wp-config.txt
    wp-config-sample.php.bak
    /*/wp-config.txt
    /wp-config.save
    /wp-config.cfg
    /*/wp-config.cfg
    /wp-config.old
    /wp-config.bak
    /wp-config.orig
    /*/wp-config.orig
    /wp-config.original
    /wp-config-backup.txt
    /wp-config-backup.php
    /wp-config.backup
    /wp-config.data
    /wp-config.htm
    /wp-config.html
    /.wp-config.php.swp
    /config.php~
    /config
    /-----NOTE-deleted-setup-config-file-in-wp-admin
    /*/*/*/*/setup-config.php
    /*/*/*/setup-config.php
    /*/*/setup-config.php
    /*/setup-config.php
    /setup-config.php
    /%23wp-config.php%23
    /.wp-config.php.swp
    /*/wp-installation.php
    /wp-installation.php
    /wsdl.php
    /manager
    /manager/
    /manager/html
    /*/*/*/*/*/upload_settings_image.php
    /xsvip.php
    /wp-mail.php
    /sql_dump.php
    /security.php
    /wp/*
    /wp-content/plugins/wp-photonav/*
    /plus/Shijian.asp
    /install/m7lrv.php
    /admin/mazi.asp
    /plus/mytag_js.php
    /inc/config.asp
    /images/cache.asp
    /passwords.php
    /SQLiteManager/*
    /MySQLDumper
    /SQLiteManager/main.php
    /weki.php
    /upload/uploaxsd.asp
    /zx.asp
    /jiuge.asp
    /xyr/confings.asp
    /xz.asp%3b.jpg
    /readme.txt
    /readme.html
    /readme.php
    /sjutd.txt
    /ffl/error
    /apps/
    /js/libs/jquery/*/*/tipsy/css/tipsy.css
    /themes/elastixneo/ie.css
    /wp-content/plugins/dzs-videogallery/
    /wp-content/plugins/mailz/
    /wp-content/plugins/akismet/Sec-War.php
    /pole.php
    /*/showdebuginfo/serverDetails.asp
    /uploadify/uploadify.css
    /uploadify/uploadify.php
    /*/*/*/*/*/uploadify.php
    /*/*/*/*/*/upload_settings_image.php
    /*/passwords-list-3.html
    /passwords-list-3.html
    /passwords-list-2.html
    /user/insert.page
    /*/*/tinybrowser/upload_file.php
    /wrecksite.aspx
    /master/upload.php
    /register/
    /*/register
    /*/*/register
    /*/*/*/register
    /register.php
    /*/register.php
    /login-register.html
    /?q=user%2Fregister
    /author/*/*?action=register
    /wp-register.php
    /inc.php
    /seo-joy.cgi
    /thumbopen.php
    /*/shareChat.asp
    /short-term-cash-*/
    /*/*/|
    /*/*/%7C
    /explore
    /*/*/*/fm.php
    /*/*/fm.php
    /*/upfilees.php
    /upfilees.php
    /*/*/wp-quick-booking-manager/*
    /*/wp-quick-booking-manager/*
    /xml.log
    /*/xml.log
    /*/*/xml.log
    /*/*/*/xml.log
    /*/*/*/*/xml.log
    /*/*/*/*/*/xml.log
    /*/*/*/*/*/*/xml.log
    /*/*/cielo-xml.log
    /*/*/*/MF_Constant.php
    /*/*/MF_Constant.php
    /utility/*/*
    /typo3/
    /*/typo3/
    /-----NOTE-below-blocks-random-author-scans-using-unused-numbers
    /?author=2
    /?author=4
    /?author=5
    /?author=6
    /?author=7
    /?author=8
    /?author=19
    /?author=22
    /?author=36
    /?author=44
    /?author=46
    /?author=47
    /?author=50
    /*/*/front-end-upload/destination.php
    /*/*/*/wp-installation.php
    /test.php
    /cache/clean.php
    /cache/clean.php*
    /*/*/*/ninja_forms.php
    /form.php
    /.nksdjs
    /*/*/Cms_Wysiwyg/directive/*/
    /*/Cms_Wysiwyg/*/*/
    /*/*/delete-all-comments/*
    /*/*/delete-all-comments/
    /wso.php.suspected
    /wso.php
    /c99.php
    /mko.php
    /tmp.php.suspected
    /bubus.php
    /bubus.php.suspected
    /*/*/*/README_OFFICIAL.txt
    /*/*/*/lgpl.txt
    /product.php
    /product.php/
    /product.php*
    /wp-content/*/smart-videos/*
    /wp-content/*/zen-mobile-app-native/*
    /blog/
    /*/*/mobile-app-builder-by-wappress/*
    /autodiscover.wildsnow.com/*/*
    /*/Exchange.asmx
    /bitrix
    /*bitrix/
    /plugins/stop-user-enumeration/
    /*/changelog.txt
    /*/*/changelog.txt
    /*/*/*/changelog.txt
    /c3843fdbd548cf7a5c0d3cf617492957.html
    /wp-admin/js/wp-fullscreen.js
    /layout2b.css
    /*/revslider/*/*
    /*/revslider/*/*/*
    /*/*/revslider/*/*
    /*/*/revslider/*/*/*/*
    /*/*/revslider/*/*/*.php
    /*/*/Login-wall-OaWAc/*
    /media/mass.php
    /mscms/
    /vam_rss2_info.php
    /*/weathermap/editor.php
    /*/*/weathermap/editor.php
    /*/*/wp-dreamworkgallery/*
    /*/*/wp-vertical-gallery/*
    /*/*/complete-gallery-manager/*/*
    /*/complete-gallery-manager/*/*
    /*/*/complete-gallery-manager/
    /about/xmlrpc.php
    /fozi.php
    /Leonas.php
    /wrm.php
    /*/*/wp2android-turn-wp-site-into-android-app/*
    /*/*/mobile-app-builder-by-wappress/*
    /*/*/zen-mobile-app-native/*
    /wp-links-opml.php
    /*/*/wp-property/action_hooks.php
    /*/*/custom-content-type-manager/index.html
    /dzsuploader/*
    /*/*/index.php?php5=print(md5(wp))
    /wp-layout.css
    /layout2b.css
    /cash.php
    /*/*/*/libravatar-replace.php
    /*/*/wpstorecart/*
    /wp-content/*/showbiz/*/*
    /wp-content/*/showbiz/*/
    /editor/filemanager/connectors/uploadtest.html
    /*/*/*/uploadtest.html
    /*/*/uploadtest.html
    /Mksfsxcb.php
    /----------following are now in mod security/
    /------/*/wp/v2/*
    /------/*/wp/v2/*/*
    /*/*/website-contact-form-with-file-upload/*
    /images/stories/gass.php*
    /media/*
    //media/*
    /up.php*
    //m.php*
    /m.php*
    /jm-ajax/upload_file/
    /894613256498.php
    /8d4ccd2727eb0a8.php
    /07545460.php
    /-------------following-blocks-all-gzip-and-sql-if-not-existing
    /*.gz
    /*.sql
    /1.tar.gz
    /1.zip
    /backup.tar.gz
    /-------------end-gzip-sql
    /*/*/rnnvhs.php
    /*/Searchreplacedb2.php
    /*/*/Searchreplacedb2.php
    /Searchreplacedb2.php
    /*/*/*/Searchreplacedb2.php
    /wp-content/*/sketch/*.php
    /wp-content/*/wp-cods.php
    /*/*/jax_guestbook.php
    /------following-jquery-attacks-are-blocked-in-Modsecurity
    /wp-includes/js/jquery/ui/jquery.ui.core.min.js*
    /wp-includes/js/jquery/ui/jquery.ui.mouse.min.js*
    /*/*/*/*/jquery.ui.draggable.min.js
    /*/plugins/cherry-plugin/*/*/*
    /*/system_cache.php
    /871
    /871/871
    /408%*/*
    /*/*/%5C&du=*hash=*
    /upgrade-browser
    /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2Fwp-config.php
    /?gf_page=upload
    /javascript/scriptfunctions.js
    /*/*/wpstorecart/lgpl.txt
    /*/*/user-photo/admin.css
    /jmx-console
    /Joomla/administrator
    /wp-init.php
    /dep.php
    /Dducfj.php
    /azra.php
    /*/*/*/*/*/*/*/XAttacker.php*
    /*/*/*/*/*/*/XAttacker.php*
    /*/*/*/*/*/XAttacker.php*
    /*/*/*/*/XAttacker.php*
    /jmx-console
    /manager/html
    /jQuery(this).attr(
    /id_dsa
    /id_rsa
    /*/id_dsa
    /*/id_rsa
    /*/*/id_dsa
    /*/*/id_rsa
    /htaccess.php
    /wp-includes/js/tinymce/plugins/tabfocus/map.php
    /wp-system.php
    /wp-content/plugins/*/*/composer/css/Myrjr.php
    /*.zip
    /*/*.zip
    
    • This reply was modified 7 years, 2 months ago by Jan Dembowski.

    Hi @njrfbzr
    Sorry for my late reply. The URLs you block there must not exist on the server. The reason this feature is there, and the way it was designed, is to work as a trap for attackers when they target a specific vulnerability that doesn’t exist on your website. One thing I want to note is to use wildcards carefully, as you might block some valid requests unintentionally.

    Thanks.
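    An added audit script (written for this thread; it is not part of the original posts and not Wordfence's own code) that checks the candidate list from the opening post against the two caveats raised above: that a wildcard can also catch valid requests, and that a trap URL must not be a file that really exists on the server. The wildcard semantics (`*` matches any run of characters, the pattern must cover the whole request URI), the sample legitimate requests and the set of existing files are assumptions constructed for the demonstration, not Wordfence's implementation.

```python
import re

# Candidate patterns quoted from the opening post of this thread.
CANDIDATES = [
    "/wp-config.php*", "/admin*", "/*plugin*", "/xmlrpc.php", "/login*",
    "/js*", "/track*", "/*config*", "/*setup*", "/*.zip", "/modules*",
]

# Constructed sample of requests a normal visitor, a commenter or WordPress
# itself makes on a site that allows comments (not taken from the thread).
LEGIT_REQUESTS = [
    "/", "/2019/05/how-to-setup-a-blog/", "/tag/configuration/",
    "/wp-comments-post.php", "/wp-includes/js/jquery/jquery.js",
    "/wp-content/plugins/akismet/_inc/akismet.css",
    "/wp-content/themes/twentynineteen/style.css",
    "/wp-content/uploads/2019/03/press-kit.zip",
    "/wp-admin/admin-ajax.php", "/feed/", "/wp-json/wp/v2/posts",
]

# Constructed stand-in for the files present under the docroot (in practice,
# read this from the server); a trap URL must NOT be one of these.
EXISTING_FILES = {
    "/xmlrpc.php", "/wp-login.php", "/wp-config.php",
    "/wp-comments-post.php", "/wp-admin/admin-ajax.php",
}

def pattern_to_regex(pattern):
    """Assumed semantics: '*' matches any run of characters (including '/'),
    everything else is literal, and the pattern must cover the whole URI."""
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$")

def collisions(patterns, requests):
    """Map each pattern to the legitimate requests it would also block."""
    hits = {}
    for pat in patterns:
        rx = pattern_to_regex(pat)
        matched = [r for r in requests if rx.match(r)]
        if matched:
            hits[pat] = matched
    return hits

def dead_traps(patterns, existing):
    """Wildcard-free patterns naming a file that really exists: the file answers
    the request itself, so the trap never fires for it."""
    return [p for p in patterns if "*" not in p and p in existing]

if __name__ == "__main__":
    for pat, reqs in collisions(CANDIDATES, LEGIT_REQUESTS).items():
        print(f"{pat!r} would also block: {', '.join(reqs)}")
    for pat in dead_traps(CANDIDATES, EXISTING_FILES):
        print(f"{pat!r} names an existing file; the trap will not fire")
```

    Under these assumptions the content wildcards `/*plugin*`, `/*config*`, `/*setup*` and `/*.zip` each catch a legitimate request (plugin assets, a tag archive, a post slug, an uploaded download), while `/js*` catches nothing because WordPress serves its scripts under `/wp-includes/js/`, not `/js/`.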

    Thread Starter njrfbzr

    (@njrfbzr)

    I have also been using this feature to block a few existing URLs, such as /wp-login.php. My .htaccess only allows my own IP address range to log in. And I enter my IP into the following fields:

    1. “Trusted proxies” under “How does Wordfence get IPs”
    2. “List of comma separated IP addresses to ignore”
    3. “Whitelisted IP addresses that bypass all rules”
    4. “Ignored IP addresses for Wordfence Web Application Firewall alerting”

    I can still log in while blocking everyone else. Thanks for posting your list. I am wondering if Wordfence has their own recommendations for the “Immediately block IPs that access these URLs” field. Thanks.

  • The topic ‘Wordfence Options: Immediately block IPs that access these URLs’ is closed to new replies.