I have a non-wordpress website, and I've noticed I get a lot of 404 errors regarding requests to /wp-admin.
My gut instinct is to blacklist the IP address corresponding to any "wp-admin" query, as it is probably someone attempting something uncouth.
But is there any possible legitimate reason for such a query? Perhaps a search engine trying to determine if I'm running wordpress?
(Note: I understand the paradox of asking a question about a non-wordpress site on a wordpress development site, but my question pertains directly to a wordpress feature so I hope you find it relevant.)
asked Nov 23, 2020 at 13:04 by CaptainCodeman
Comment: WordPress advertises itself in meta tags by default so there's no good reason to try crawling URLs to detect WordPress. There are plenty of automated attacks like this e.g. POSTs to /xmlrpc.php too or phpMyAdmin. – Rup Commented Nov 23, 2020 at 13:31
1 Answer
Yes, lots of themes and plugins make use of the wp-admin/admin-ajax.php file, and some use wp-admin/admin-post.php. But beyond that there's little to no reason to access wp-admin.
Perhaps a search engine trying to determine if I'm running wordpress?
Search engines don't care so much if you are or aren't using WordPress, you would be able to tell via the user agent if it was a searchbot. If it is, then this implies you have links to nonexistent files in wp-admin that would show up in tools such as google web console, etc.
But if they did care, which they don't, there are far better ways to identify a WordPress site than querying wp-admin.
What this is likely to be, are automated attacks. Almost all hacking attempts are automated, they don't even check your site. Exploits are fire and forget. Why make requests to a site to figure out if the exploit will work when you can just run them all? If one of them works that's all it takes.
For this reason, you'll see a lot of login attempts and exploit requests that aren't even for your software. My WordPress sites get Drupal exploits and attempts to login to Joomla URLs, and I ignore them. Iff they ever became an issue I would block them at the Nginx level or lower.
At the end of the day, we cannot know for certain. If you are concerned you might break things, contact the community around your CMS and ask them. For all I know you use a CMS called WonderPage that just happens to have a wp-admin folder.
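Added example (not part of the original question or answer): a Python triage of access-log lines that follows the reasoning above, counting per IP the 404s on /wp-admin and the other paths named in the comment, and listing separately the hits whose user agent claims to be a search crawler. The sample log lines, BOT_MARKERS and the function names are constructed assumptions; the combined log format is assumed.

```python
import re
from collections import Counter

# Combined log format: ip - - [time] "METHOD path PROTO" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Paths named on this page, matched case-insensitively at the start of the URL path.
PROBE_RE = re.compile(r'^/(wp-admin|xmlrpc\.php|phpmyadmin)(/|\?|$)', re.I)
# Assumption: substrings that self-declared search crawlers put in their user agent.
BOT_MARKERS = ("googlebot", "bingbot")

def triage(lines):
    """Return (probes_per_ip, crawler_hits) for 404s on the probe paths."""
    probes, crawler_hits = Counter(), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not PROBE_RE.match(m["path"]):
            continue
        if m["status"] != "404":
            continue  # the path exists here, e.g. another CMS with a wp-admin folder
        if any(b in m["ua"].lower() for b in BOT_MARKERS):
            # Points at a stale link somewhere; the user agent is unverified, so only report it.
            crawler_hits.append((m["path"], m["referer"]))
        else:
            probes[m["ip"]] += 1
    return probes, crawler_hits

def repeat_sources(probes, min_hits=3):
    """IPs with at least min_hits probe 404s, as candidates for a server-level block."""
    return sorted(ip for ip, n in probes.items() if n >= min_hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
T = "[23/Nov/2020:13:04:00 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {T} "GET /wp-admin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {T} "POST /xmlrpc.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - {T} "GET /phpMyAdmin/index.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    f'198.51.100.20 - - {T} "GET /wp-admin/admin-ajax.php HTTP/1.1" 404 162 "-" "curl/7.68.0"',
    f'192.0.2.55 - - {T} "GET /wp-admin/old-page HTTP/1.1" 404 162 '
    '"https://example.com/links.html" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    f'192.0.2.99 - - {T} "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    probes, crawler_hits = triage(SAMPLE)
    print("probe 404s per IP:", dict(probes))
    print("repeat sources:", repeat_sources(probes))
    print("crawler hits (path, referer):", crawler_hits)
```

Only 404 responses are counted, so a site that really does serve a wp-admin folder is not flagged by its own traffic.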
Title: Is there ever a legitimate reason for an outsider to access wp-admin