Hello,

I am the admin of the website: intellectiveidiot.com

Everyday, I get notified on mail that a particular IP tried to access my wordpress files and has been locked for 200 seconds.

This is what I received today
“We’ve just locked out the host 168.61.190.195 from https://intellectiveidiot.com due to more than 20 404 requests for the file /wp-content/themes/enfold-child/update_script/vendor/phpunit/phpunit/build.xml. They have been locked out for 300 seconds.”

So I keep adding these IP’s to the Defender IP Blocklist.

I have already blocked more than 20 IPs and still everyday a new IP tries to hack my core wordpress files and gets temporarily blocked by Defender plugin.

Please help me with this issue, like how can I protect my wordpress files from these hacker IPs who try to access them everyday. Thank you.

today, the following appeared in log. normally, only the last 2 entries appear, but today ///wp-json/wp/v2/users/ appeared.

URL gives full access to administrators, editors, authors details — user ID etc.

167.71.87.135, , ///wp-json/wp/v2/users/, 3/15/20, 9:03 AM, 249, 301, GET, HTTP/1.1, Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
167.71.87.135, , ///?author=1, 3/15/20, 9:03 AM, 238, 301, GET, HTTP/1.1, Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
167.71.87.135, , /wp-login.php, 3/15/20, 9:03 AM, 241, 301, GET, HTTP/1.1, Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0

The latest 2.2.4 update breaks the CSS in the back for the plugin.