Hi … recently switched from a custom design to WordPress…
Someone keeps sending huge number of requests to my site, all requests from same country, but I cannot ban that country because many visitors to my site are from there… I tried to block IP, but it is constantly change… Now I use Rate Limiting… But for how long did I use it… Attack never stops and I don’t know why this attack goes to the organ and not to the cache. I use WP Fastest Cache Premium.

most requests go to

wp-json/oembed/1.0/embed
wp-admin/admin-ajax.php
/https

he asks for URLs that do not exist and generate thousands 404 error.
Any idea how I can stop this…

Uploading: 0011.jpg…

I suggest reading this guide.

Super bot fighting mode would catch this on the behavioral protection. If SBFM is not an option for you, I suggest reading the guide.
After you do that, if you still face problems, I’d advise giving us the following:

1. Plan that you are subscribed to.
2. List of deployed firewall rules.
3. List of deployed page rules.
4. Photo of the analytics (especially the WAF section) and detailed random sample data of blocked/challenged events.

thank you very much for the respond

I will try to do the things you suggested to me and hopefully I will succeed in stopping this constant annoyance.

My plan is pro.
I use no firewall rule (0)
I use only 1 page rule (not www to www)

Firewall :

Web Application Firewall / on
Cloudflare Managed Ruleset ( flash, php, Specials, wordpress) / on
OWASP ModSecurity Core Rule Set / off

0033798×1555 74 KB

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.