Bot scans for things like website-url/wp/v2/posts/?per_page=100
-
Just a PSA for everyone, perhaps will help.
I’m not sure why none of my security software solutions, including Wordfence, by default catch these clearly criminal scans I’m getting over and over again, such as website-url/wp/v2/posts/?per_page=100
Securi explains what they are:
https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.htmlYet another security hole gift from WordPress. I’m so over it but I’m stuck with it.
I blocked something like
/wp/v2/* and /*/wp/v2/*In my WF Options/Immediately-Block-URLS
But I wish I didn’t have to keep taking the time to block these obvious exploit attempts.
MTN
- The topic ‘Bot scans for things like website-url/wp/v2/posts/?per_page=100’ is closed to new replies.