avidlearner

I edit my site’s .htaccess file. You can bring your site down if you’re not familiar with how to do this, so make a backup of the file before you attempt it.
Some security plugins also provide a way to edit .htaccess or use a .php file to block bad bots.

To block the referring site in .htaccess, I use

 
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} http\://site\.ru [NC]
    RewriteRule .* - [L,R=403]
 </IfModule>

To block the urls, I use

<IfModule mod_alias.c>
   RedirectMatch 403 (?i)/(customize\-partial\-refredh|Marvins|popup\-pomo)\.php
</IfModule>

There are many ways to accomplish this in .htaccess. This is what worked for me.

I see this is marked resolved, but I’d like to make you aware of what I’ve observed on my own site. All traffic referred from “site.ru” is hacking bots, looking to exploit weaknesses and insert malicious code into the WP site.

The urls they typically look for on my site are:

/phpmail/popup-pomo.php
/manager/popup-pomo.php
/permalink/popup-pomo.php
/wp-content/plugins/customize-partial-refredh/customize-partial-refredh.php
/wp-content/plugins/easyrotator-for-wordpress/Marvins.php

I have blocked all traffic referred from “site.ru”.