Hi @alissit thanks for reaching out to us to check this over.
The (.*) syntax is actually more consistent with a URL rewrite rule as seen in .htaccess files rather than something that’d be appended to, or dangerous when accessing, a URL. However, I can’t rule out a vulnerability with wildcard (*) terms in a certain plugin where this bot is randomly hitting sites to see if they can exploit it. Often bots will randomly try sites based on known vulnerabilities without even checking for installed plugins, so there’s no certainty you even installed the plugin with the vulnerability they’re looking for.
I simply recommend keeping your plugins and WordPress up-to-date, and try blocking the ‘offending’ IP if you’re receiving regular and unacceptable amounts of traffic attempting hits on these URLs.
Thanks,
Peter.
Hi @alissit, I hope that pointed you in the right direction and you’re not having trouble related to this issue.
If you need further assistance with Wordfence in the future, don’t hesitate to start a new topic and we’ll be glad to help you!
Thanks again,
Peter.
Thanks Peter!
I didn’t see the reply until now. I’ll check out the htaccess files and server setup.
We copied & moved the entire site from one domain & hosting to a new domain & hosting. It wasn’t happening on the previous set up, so most probably something to do with the new host & htaccess or server.
Thank you very much!
