Title: Fun with Bots
Last modified: June 8, 2017

---

# Fun with Bots

 *  Resolved [mountainguy2](https://wordpress.org/support/users/mountainguy2/)
 * (@mountainguy2)
 * [9 years ago](https://wordpress.org/support/topic/fun-with-bots/)
 * Just a friendly suggestion from a heavy WF user.
 * I noticed I was being attacked by bots on various URLs for the file setup-config.php
   so I set up a honey trap using the “Immediately Block URL” in Wordfence Options.
 * As far as I can tell from reading WordPress Codex, setup-config.php is only used
   for new WordPress installs, it’s thus what I’d call vestigial (and incidentally
   is an example of another aspect of WordPress that unnecessarily attracts bots
   and uses up bandwidth.)
 * Setup-config.php exists in most WordPress installs as /wp-admin/setup-config.php,
   so for the most effective honey trap FTP into your WordPress install /wp-admin/
   folder and rename the pesky bot attractor to something like
   /wp-admin/setup-config-renamed0986789.php then add the following to your Wordfence
   “Immediately Block URLs” and watch the fun via your Wordfence “Blocked” list.
   (The attacks I’m getting include URLs with more folders-directories than just
   one, so following has up to three steps to catch all the attacks).
 * /*/setup-config.php
    /*/*/setup-config.php
    /*/*/*/setup-config.php
 * Remember that due to the way Wordfence works, if a URL for a file exists the
   “Block URL” won’t function. Hence, the renaming of setup-config.php.
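
A way to check, from an access log, which setup-config.php probes the three patterns above would catch and which they would not. This is an added example, not part of the original post and not Wordfence code; the log lines are constructed, and it assumes each `*` stands for exactly one path segment, which is how the post's list treats it (Wordfence's own matcher may differ).

```python
import re
from collections import Counter

# Patterns copied from the post.
BLOCK_PATTERNS = ["/*/setup-config.php", "/*/*/setup-config.php",
                  "/*/*/*/setup-config.php"]

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [08/Jun/2017:10:01:02 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 404 512 "-" "bot"
203.0.113.7 - - [08/Jun/2017:10:01:03 +0000] "GET /blog/wp-admin/setup-config.php?step=1 HTTP/1.1" 404 512 "-" "bot"
198.51.100.9 - - [08/Jun/2017:10:02:10 +0000] "GET /old/site/wp-admin/setup-config.php HTTP/1.1" 404 512 "-" "bot"
198.51.100.23 - - [08/Jun/2017:10:03:44 +0000] "GET /setup-config.php HTTP/1.1" 404 512 "-" "bot"
192.0.2.55 - - [08/Jun/2017:10:04:00 +0000] "GET /a/b/c/wp-admin/setup-config.php HTTP/1.1" 404 512 "-" "bot"
192.0.2.80 - - [08/Jun/2017:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def to_regex(pattern):
    # Assumption (not confirmed Wordfence behaviour): "*" matches one
    # non-empty path segment and never crosses a "/".
    return re.compile("^" + re.escape(pattern).replace(r"\*", "[^/]+") + "$", re.I)

RULES = [to_regex(p) for p in BLOCK_PATTERNS]

def classify(log_text):
    """Return (hits per IP that a pattern matches, probes no pattern matches)."""
    blocked, missed = Counter(), []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        path = target.split("?", 1)[0]  # compare the path only, not the query string
        if not path.lower().endswith("/setup-config.php"):
            continue
        if any(rule.match(path) for rule in RULES):
            blocked[ip] += 1
        else:
            missed.append((ip, path))
    return blocked, missed

if __name__ == "__main__":
    blocked, missed = classify(SAMPLE_LOG)
    print("matched by a block pattern:", dict(blocked))
    print("setup-config.php probes not covered:", missed)
```

Under that one-segment assumption, a request for the file at the site root or more than three directories deep lands in the second list, which is the cue to add another pattern.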

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [bluebearmedia](https://wordpress.org/support/users/bluebearmedia/)
 * (@bluebearmedia)
 * [9 years ago](https://wordpress.org/support/topic/fun-with-bots/#post-9214241)
 * Great tip, MTN – thanks!
 *  Thread Starter [mountainguy2](https://wordpress.org/support/users/mountainguy2/)
 * (@mountainguy2)
 * [9 years ago](https://wordpress.org/support/topic/fun-with-bots/#post-9215732)
 * I’ve been watching my bot attacks pretty closely as my server is always on the
   verge of getting more expensive due to needing more bandwidth, so I’ve got a 
   financial incentive. I have a theory that due to the prevalence of Wordfence 
   and various forms of blocking, the WordPress attack botters are getting desperate
   and throwing a lot more random stuff out there to see what will stick. If we 
   all do our part, if millions of us do proactive bot blocking as well as Wordfence
   constantly upping their game, I’d hope the bandwidth used by useless bots will
   gradually diminish.
 * For example, I’ve noticed that since Wordfence implemented their IP blacklist,
   my blocked attack URLs list has been reduced by about half. It was a very noticeable
   change.
 * One thing Wordfence and WordPress could do is start addressing the problem of
   standardized WordPress attack vectors such as xml-rpc.php, setup-config.php and
   wp-login.php. If they came up with a programmatic way of hiding all those things
   from bots, enabled by a simple mouse click of a checkbox in Wordfence, the world
   would be a much much better place.
 * MTN
 *  Thread Starter [mountainguy2](https://wordpress.org/support/users/mountainguy2/)
 * (@mountainguy2)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/fun-with-bots/#post-9217429)
 * Today, more attacks on setup-config.php, I researched and it’s said that WordPress
   version 3.3.1 and prior indeed was vulnerable to some sort of hack using this
   file. Of course all of us here are well past that version in our upgrades, but
   interesting nonetheless to see how the hackers are always botting around for 
   older versions of WordPress they can compromise. Point of my attention to this
   is it’s always good to block a bot, no matter what, as you never know what they’re
   going to attack next. Oh, and as the experts say, always run the latest version.
   MTN
 *  [wfalaa](https://wordpress.org/support/users/wfalaa/)
 * (@wfalaa)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/fun-with-bots/#post-9225195)
 * That’s interesting [@mountainguy2](https://wordpress.org/support/users/mountainguy2/),
   Thanks for sharing this!

The topic ‘Fun with Bots’ is closed to new replies.
