Title: wp-admin/css/ Last modified: March 27, 2026 --- # wp-admin/css/ * Resolved [martje65](https://wordpress.org/support/users/martje65/) * (@martje65) * [3 weeks, 1 day ago](https://wordpress.org/support/topic/wp-admin-css-3/) * Every day we see lots of /wp-admin/css/: No matching DirectoryIndex (index.php, index.html,index.htm,index.shtml,index.php5,index.php4,index.php3,index.phtml, index.cgi,index.pl) found, and server-generated directory index forbidden by Options directive, referer: binance.com * I have made a Honeypot URL: /wp-admin/css/ to block them but its not working. Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Author [IniLerm](https://wordpress.org/support/users/inilerm/) * (@inilerm) * [3 weeks, 1 day ago](https://wordpress.org/support/topic/wp-admin-css-3/#post-18864413) * Hi [@martje65](https://wordpress.org/support/users/martje65/), * This is a great technical observation! * The reason your Honeypot URL isn’t working for /wp-admin/css/ is because **Advanced IP Blocker (and WordPress itself) never actually sees that request.** * **Here is the technical breakdown:** 1. The bots are requesting a physical folder that actually exists on your server(/ wp-admin/css/). 2. Because the folder exists, your web server (Apache) intercepts the request _before_ handing it over to WordPress (PHP). 3. Apache sees that there is no index.php file in that folder, and since directory browsing is disabled on your server, **Apache immediately rejects the request with a 403 Forbidden error.** * Since the request is killed by Apache at the server level, it never reaches PHP, which means our Honeypot module never gets the chance to scan the URL or block the IP. * **The good news:** You don’t actually need to block them! What you are seeing in your server logs is proof that your server is already perfectly protected against directory browsing. The bots (which are doing “Referrer Spam” pretending to come from binance.com) are hitting a brick wall. They are consuming zero PHP/ Database resources. * If you really want to permanently ban those specific IPs, you would have to add a custom .htaccess rule manually, but my recommendation as a security developer is to just **ignore them**. Let Apache drop the connection instantly; it is the most efficient way to handle them. * Best regards, * Advanced IP Blocker Team * Thread Starter [martje65](https://wordpress.org/support/users/martje65/) * (@martje65) * [3 weeks, 1 day ago](https://wordpress.org/support/topic/wp-admin-css-3/#post-18864606) * Thanks for the update [@inilerm](https://wordpress.org/support/users/inilerm/) Viewing 2 replies - 1 through 2 (of 2 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fwp-admin-css-3%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/advanced-ip-blocker/assets/icon-256x256.png?rev=3320247) * [Advanced IP Blocker](https://wordpress.org/plugins/advanced-ip-blocker/) * [Frequently Asked Questions](https://wordpress.org/plugins/advanced-ip-blocker/#faq) * [Support Threads](https://wordpress.org/support/plugin/advanced-ip-blocker/) * [Active Topics](https://wordpress.org/support/plugin/advanced-ip-blocker/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/advanced-ip-blocker/unresolved/) * [Reviews](https://wordpress.org/support/plugin/advanced-ip-blocker/reviews/) * 2 replies * 2 participants * Last reply from: [martje65](https://wordpress.org/support/users/martje65/) * Last activity: [3 weeks, 1 day ago](https://wordpress.org/support/topic/wp-admin-css-3/#post-18864606) * Status: resolved