Hi @willniev, thanks for getting in touch.
Any?Live Traffic?entries where specific filepaths/URLs like these are attempted don’t usually point to inside knowledge about your site’s structure or an attempted plugin breach. Mostly, these are automated attacks that are just hit-and-hope in the search for vulnerable plugins, paths, or publicly visible files that shouldn’t be.
I don’t have a reason to believe what you’ve seen here is the result of an attacker having access to your site or modifying your files. Making sure your plugins, themes, and WordPress itself are always the latest versions should limit the chance of one of these ever succeeding.
Wordfence handles its blocks by looking at the intent of an IP’s visit rather than just the page they tried to visit. The plugin does all of the important blocking for you so it’s our?general?recommendation to not implement manual blocking regime – which can be time consuming to keep up with current URLs and IP ranges etc. However, if your site is being hit many times and legitimate visitors are being affected, I can see why you’d want to stem the flow.
You may see some success from using?Wordfence > All Options > Firewall Options > Advanced Firewall Options > Immediately block IPs that access these URLs if you constantly see similar paths crop up. Be aware that even as an admin you?WILL?be blocked if you visit any of those URLs, even as a test.
You can read more here: https://www.wordfence.com/help/firewall/options#immediately-block-urls
Thanks,
Peter.
