plugins - Some one is trying to hack my website, Need guidance

Closed. This question is off-topic. It is not currently accepting answers.

---

Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?

Closed 6 years ago.

Improve this question

There are multiple IPs that are trying to access my directories. I am using iThemes Security plugin and it shows the following lists.

These are the files all of the IPs are trying to access every minute.

https://www.{My Website Name}/tag/feed/

https://www.{My Website Name}/premium-titanium/undefined

https://www.{My Website Name}/wp-content/uploads/2017/11/supra-on-wood.jpg

https://www.{My Website Name}/product/classic-sports-piece/

http://www.{My Website Name}/wp-content/plugins/apikey/wp-surf.php?test=hello

There are a total of 2700+ entries and they are increasing minute by minute.

Is there any way that I can block any IP that accesses these URLS?

http://www.{My Website Name}/wp-content/plugins/apikey/wp-surf.php?test=hello

https://www.{My Website Name}/tag/feed/

https://www.{My Website Name}/premium-titanium/undefined

Closed. This question is off-topic. It is not currently accepting answers.

---

Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?

Closed 6 years ago.

Improve this question

There are multiple IPs that are trying to access my directories. I am using iThemes Security plugin and it shows the following lists.

These are the files all of the IPs are trying to access every minute.

https://www.{My Website Name}/tag/feed/

https://www.{My Website Name}/premium-titanium/undefined

https://www.{My Website Name}/wp-content/uploads/2017/11/supra-on-wood.jpg

https://www.{My Website Name}/product/classic-sports-piece/

http://www.{My Website Name}/wp-content/plugins/apikey/wp-surf.php?test=hello

There are a total of 2700+ entries and they are increasing minute by minute.

Is there any way that I can block any IP that accesses these URLS?

http://www.{My Website Name}/wp-content/plugins/apikey/wp-surf.php?test=hello

https://www.{My Website Name}/tag/feed/

https://www.{My Website Name}/premium-titanium/undefined

• plugins
• 404-error
• hacked
• hacks

Share Improve this question edited Oct 21, 2018 at 14:30 fuxia♦ 107k3939 gold badges255255 silver badges461461 bronze badges asked Oct 21, 2018 at 14:29 SyedSyed 10111 bronze badge

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 3

Your hosting place may have an IP Blocking via the cPanel; you could use that.

And there are various plugins that will do it also.

You could also do it with the htaccess file in the root of your WP installation; place these lines before the WordPress lines:

order allow,deny deny from 127.0.0.1 allow from all 

Change the IP address as needed.

Added

If you want to block access to specific files, then look at the answer here: https://stackoverflow/questions/11728976/how-to-deny-access-to-a-file-in-htaccess .

And this answer tells how to block specific IP addresses to specific files: https://stackoverflow/questions/3604526/htaccess-how-to-restrict-access-to-a-single-file-by-ip

Note that hackers often change their IP address, so your blocking may not be effective.

I'd also ensure that the plugins/themes being attacked don't have vulnerabilities that would make the 'attack' successful. For that, you need to contact the plugin/theme support.

And, unless there are DDOS-type attacking going on against your site, the effort to block may not be worth it.