Some one is trying to hack my website, Need guidance

There are multiple IPs that are trying to access my directories. I am using iThemes Security plugin and it shows the following lists.

These are the files all of the IPs are trying to access every minute.

https://www.{My Website Name}.com/tag/feed/

https://www.{My Website Name}.com/premium-titanium/undefined

https://www.{My Website Name}.com/wp-content/uploads/2017/11/supra-on-wood.jpg

https://www.{My Website Name}.com/product/classic-sports-piece/

http://www.{My Website Name}.com/wp-content/plugins/apikey/wp-surf.php?test=hello

There are a total of 2700+ entries and they are increasing minute by minute.

Is there any way that I can block any IP that accesses these URLS?

http://www.{My Website Name}.com/wp-content/plugins/apikey/wp-surf.php?test=hello

https://www.{My Website Name}.com/tag/feed/

https://www.{My Website Name}.com/premium-titanium/undefined

Topic hacks hacked 404-error plugins Wordpress

Category Web

1
answered at

Your hosting place may have an IP Blocking via the cPanel; you could use that.

And there are various plugins that will do it also.

You could also do it with the htaccess file in the root of your WP installation; place these lines before the WordPress lines:

order allow,deny deny from 127.0.0.1 allow from all

Change the IP address as needed.

Added

If you want to block access to specific files, then look at the answer here: https://stackoverflow.com/questions/11728976/how-to-deny-access-to-a-file-in-htaccess .

And this answer tells how to block specific IP addresses to specific files: https://stackoverflow.com/questions/3604526/htaccess-how-to-restrict-access-to-a-single-file-by-ip

Note that hackers often change their IP address, so your blocking may not be effective.

I'd also ensure that the plugins/themes being attacked don't have vulnerabilities that would make the 'attack' successful. For that, you need to contact the plugin/theme support.

And, unless there are DDOS-type attacking going on against your site, the effort to block may not be worth it.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.