Support » Plugin: Wordfence Security - Firewall & Malware Scan » Attacker trying to disable Wordfence?

  • Resolved aaron843

    (@aaron843)


    I’ve had attempts to access:

    mydomain.com/?wordfence_lh=1&hid=DA27781965CF60E783C435E069967922&r=0.48688887772490497

    /?wordfence_lh=1&hid=895126B7D78560B25385BC7557AE83A6&r=0.3971362479971676

    /wp-admin/admin-ajax.php (a lot of times)

    /my-account/

    They also hit my contact form three times, twice entering 0627394718 as their message.

    Seems like a bot, that knows (or hypothesizes) that I am using Wordfence. Maybe trying to hijack a session and disable Wordfence?

    Can I use blocking to stop this type of probe?

Viewing 1 replies (of 1 total)
  • Plugin Support wfdave

    (@wfdave)

    Hi @aaron843,

    Connections to /?wordfence_lh=1&hid=**** are normal and are used in the aid of determining if a user has JavaScript enabled or not.

    We use this information (along with other details such as their user-agent) to classify them as a bot or human.

    1. /wp-admin/admin-ajax.php

    This may be caused by a plugin. Can you try loading your website and opening the developer tools (F12) -> Network -> Look for admin-ajax.php, and see what the action is?

    For example: https://i.imgur.com/DjCtfkZ.png

    2. /my-account/

    If this is not an actual page, you can choose to blacklist this URL.

    a) Go to Wordfence -> All Options -> Immediately block IPs that access these URLs
    b) Enter /my-account/*
    c) Save Changes

    For example: https://i.imgur.com/qEfZ6mO.png

    3. Contact form

    It does seem like a bot. The most you can do here is add a captcha for the contact form. Anyone, even a human could just go to your contact form and submit random messages.

    Dave

Viewing 1 replies (of 1 total)
  • The topic ‘Attacker trying to disable Wordfence?’ is closed to new replies.