Support » Plugin: Wordfence Security - Firewall & Malware Scan » Attacker trying to disable Wordfence?

  • Resolved aaron843


    I’ve had attempts to access:


    /wp-admin/admin-ajax.php (a lot of times)


    They also hit my contact form three times, twice entering 0627394718 as their message.

    Seems like a bot, that knows (or hypothesizes) that I am using Wordfence. Maybe trying to hijack a session and disable Wordfence?

    Can I use blocking to stop this type of probe?

Viewing 1 replies (of 1 total)
  • Plugin Support wfdave


    Hi @aaron843,

    Connections to /?wordfence_lh=1&hid=**** are normal and are used in the aid of determining if a user has JavaScript enabled or not.

    We use this information (along with other details such as their user-agent) to classify them as a bot or human.

    1. /wp-admin/admin-ajax.php

    This may be caused by a plugin. Can you try loading your website and opening the developer tools (F12) -> Network -> Look for admin-ajax.php, and see what the action is?

    For example:

    2. /my-account/

    If this is not an actual page, you can choose to blacklist this URL.

    a) Go to Wordfence -> All Options -> Immediately block IPs that access these URLs
    b) Enter /my-account/*
    c) Save Changes

    For example:

    3. Contact form

    It does seem like a bot. The most you can do here is add a captcha for the contact form. Anyone, even a human could just go to your contact form and submit random messages.


Viewing 1 replies (of 1 total)
  • The topic ‘Attacker trying to disable Wordfence?’ is closed to new replies.