every day I am getting all this scanners that should be easily blocked keep scanning my site, I am not sure if its some rule that I disabled or they not getting blocked?
I see urls like:
/wp-includes/wlwmanifest.xml
/xmlrpc.php?rsd
/cms/wp-includes/wlwmanifest.xml
/wp-config.php~
/wp-config.php_bak
/wp-config.php.original
/wp-config.php.orig
/fckeditor/editor/filemanager/connectors/php/upload.php?Type=Media
/vendor/phpunit/phpunit/build.xml
administrator/help/en-GB/toc.json
/plugins/system/debug/debug.xml
/administrator
/wp-json/wp/v2/users
it happens every day for lots of time now
we need Cloudflare Honeypot project to catch and just block them they usually using virtual machine services