Are these bots?

I have two WAF rules:

Blocked Countries (Action = Block)
(not in {“AU” “IN” “IE” “NZ” “PH” “GB” “US” “CA”} and not

WP Login (Action = Managed Challenge)
(http.request.uri.path contains “wp-login”)

When I look at the activity of the WP Login rule, I there are 40 records in the last 24 hours, all from the countries that aren’t blocked.

The CSR for WP Login is 0%. I believe this means these are bots unknown to Cloudflare that fail the WP Login Managed Challenge.

Am I correct?



This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.