Viewing 5 replies - 1 through 5 (of 5 total)
  • I see those regularly, and that means the ‘bots are trying you and your site.

    PS: If 30 minutes have yet to pass, you might want to edit that post and kill those links.

    Thread Starter RonnieK

    (@ronniek)

    If 30 minutes have yet to pass, you might want to edit that post and kill those links

    Can you clarify this?

    I believe you should see an Edit button under your avatar for 30 minutes after posting, and I thought you might not want those links picked up from here.

    Thread Starter RonnieK

    (@ronniek)

    Got you, thanks.

    Yesterday I said “I see those [kinds of links] regularly”, but I actually should have said I *used to* see those regularly. Here are some excerpts from my htaccess that are now dealing with those and more:

    ## add at top of htaccess
    ## note: also go set wp-config.php permissions to 0400
    # deny wp-config.php
    <files wp-config.php>
    order allow,deny
    deny from all
    </files>
    
    # deny .htaccess .htpasswd etc.
    RedirectMatch 403 /\..*$
    
    ## add within or after BEGIN/END WordPress
    # deflect TRACE DELETE TRACK DEBUG
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]
    
    # send username enumeration to Home
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{QUERY_STRING} ^/?author=([0-9]*)
    RewriteRule ^(.*)$ /? [L,R=301]
    </IfModule>
    
    ## add at end of htaccess
    # send certain brute-force login attempts to 403
    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} =POST
    ### note change yoursite.com in this next line
    # accepts http or https referers from the site, with or without a subdomain
    RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?yoursite\.com(/|$) [NC]
    RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/wp-admin$
    RewriteRule ^(.*)$ - [R=403,L]
    </IfModule>
    
    # prevent view of 403.shtml
    <Files 403.shtml>
    Order allow,deny
    Deny from all
    </Files>

    I do not know enough to explain all the above in detail, but now I no longer see those kinds of links in my “Pages Not Found” log.
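To see what the rules in the post above act on, here is a small Python model of them, as an added example that is not part of the original thread and is not Apache itself. It checks the rules in the order they are listed rather than in Apache's module order. The function name, the sample requests and the default referer pattern are assumptions of this example, and `yoursite.com` is the placeholder from the post.

```python
import re

# Default referer pattern is an assumption of this example (anchored, http or https);
# yoursite.com is the placeholder used in the post.
SITE_REFERER = r"^https?://([^/]+\.)?yoursite\.com(/|$)"

def classify(method, path, query="", referer="", referer_re=SITE_REFERER):
    """Return (status, reason) for the first modelled rule that matches, else (None, 'pass')."""
    name = path.rsplit("/", 1)[-1]          # <Files> matches on the file name
    if name == "wp-config.php":
        return 403, "deny wp-config.php"
    if re.search(r"/\..*$", path):           # RedirectMatch 403 /\..*$
        return 403, "deny dotfiles"
    if re.match(r"(TRACE|DELETE|TRACK|DEBUG)", method, re.I):
        return 403, "deflect method"
    if re.match(r"/?author=([0-9]*)", query):
        return 301, "author enumeration -> Home"
    if (method == "POST"                     # =POST is an exact comparison
            and not re.search(referer_re, referer, re.I)
            and (re.match(r"/wp-login\.php(.*)$", path)
                 or re.match(r"/wp-admin$", path))):
        return 403, "login POST without site referer"
    if name == "403.shtml":
        return 403, "deny 403.shtml"
    return None, "pass"

# Constructed sample requests: (method, path, query, referer)
SAMPLES = [
    ("GET", "/wp-config.php", "", ""),
    ("GET", "/.htpasswd", "", ""),
    # The dotfile rule also covers /.well-known/, used by ACME HTTP-01 validation
    ("GET", "/.well-known/acme-challenge/token", "", ""),
    ("TRACE", "/", "", ""),
    ("GET", "/", "author=1", ""),
    ("POST", "/wp-login.php", "", ""),
    ("POST", "/wp-login.php", "", "https://www.yoursite.com/wp-login.php"),
    # Look-alike host: rejected because the pattern is anchored after .com
    ("POST", "/wp-login.php", "", "http://yoursite.com.example.net/"),
    ("GET", "/wp-login.php", "", ""),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(*sample))
```

The Referer header is set by the client, so the login rule only filters bots that do not bother to send one.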

  • The topic ‘keep getting 404 errors with url login, sigh up, register’ is closed to new replies.