Title: Security question
Last modified: February 11, 2019

---

# Security question

 *  Resolved [neptun](https://wordpress.org/support/users/neptun/)
 * (@neptun)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/)
 * My WordPress site has long been looking for strange page queries. These pages
   are:
   `/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/smiley/images/teeth_smile`
   and `/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/smiley/images/regular_smile`
 * These queries are sent by both people and robots. First one and then another.
   These come from several addresses, both from my own country (Finland) and elsewhere.
   They are not blocked by any security program like Wordfence because the query
   is normal. WP sends the information that the page cannot be found.
 * What are these? The site has longer a ckeditor add-on. It is nearly a year ago
   of it. Are these dangerous? Why do they always come again and again, every day?


 *  [mwarbinek](https://wordpress.org/support/users/mwarbinek/)
 * (@mwarbinek)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11194381)
 * Hackers do specific searches like that through the browser’s URL text box to find
   weak spots. This is noted more when your list of plugins does not include “CKEditor
   for wordpress”.
 * I get that stuff all the time.
 * What they are searching for are known hacks or open doors caused by poor plugins
   or poorly coded script files.
 * This actually helps you identify a bad plugin and makes the mark that it is time
   to get rid of it if you have that plugin.
 * **Block Hacker Access Requests**
   You can insert a block to this kind of query in WordFence.
 * 1. WordFence > Firewall > Advanced Firewall Options
    -  go to “Immediately block IPs that access these URLs”,
    -  enter into the text box the URL that the hacker used to access your site,
       one entry per line,
    -  save.
   You can read more here:
   [https://www.wordfence.com/help/firewall/options/?utm_source=plugin&utm_medium=pluginUI&utm_campaign=docsIcon#immediately-block-urls](https://www.wordfence.com/help/firewall/options/?utm_source=plugin&utm_medium=pluginUI&utm_campaign=docsIcon#immediately-block-urls)
   (see “Immediately block IPs that access these URLs”).
 * 2. WordFence > Firewall > Rate Limiting
    -  ensure this is “On”,
    -  check “Immediately block fake Google crawlers”,
    -  go to “How long is an IP address blocked when it breaks a rule” and choose
       how long you want that violator locked out,
    -  then save.
 * Hope that helps.
 *  [mwarbinek](https://wordpress.org/support/users/mwarbinek/)
 * (@mwarbinek)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11194391)
 * (fixed the spelling in your tags below)
 *  [wfdave](https://wordpress.org/support/users/wfdave/)
 * (@wfdave)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11194496)
 * Hi [@neptun](https://wordpress.org/support/users/neptun/),
 * I did some snooping on your site and found that your website links to it:
 * [https://neptunet.net/2014/10/26/windows-10-tulossa-onko-se-parempi-kuin-win-8/](https://neptunet.net/2014/10/26/windows-10-tulossa-onko-se-parempi-kuin-win-8/)
 * Can you edit this page and remove the references to
   `https://neptunet.net/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/smiley/images/teeth_smile.png`?
 * Dave
 *  [mwarbinek](https://wordpress.org/support/users/mwarbinek/)
 * (@mwarbinek)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11194565)
 * (Hey Dave, when tending to all the posts here, and you get tired, remember not
   to slip with the keyboard and mistakenly put a “t” between the “w” and “f”. 🙂)
 * Wanted to ask, is there anything to be mindful of when carrying out what I suggested
   above??
 *  [mwarbinek](https://wordpress.org/support/users/mwarbinek/)
 * (@mwarbinek)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11194586)
 * [@neptun](https://wordpress.org/support/users/neptun/)
    Dave refers to this paragraph,
   it seems like a hidden image. This is the paragraph,
 * `Miltä Windows 10 sitten näyttää ja mitä perustoimintoja siinä on? Siitä saa 
   tavallinenkin käyttäjä jonkinlaisen tiedon julkisuuteen saatettujen kuvien, videoiden
   ja tietojen avulla. Tämän artikkelin otsikkokuvana on uuden Windows 10 työpöytänäkymä,
   klikkaa kuva näkyväksi. Artikkelin lopussa on myös Microsoftin video Win 10 olemuksesta
   ja käytöstä (kyllä sitäkin puolta esitetään kun malttaa kehujen lisäksi katsoa
   pitemmälle laugh )`
 * It is near the bottom of the article. Highlight the entire paragraph, then right
   click it and click “View selection source” (in Firefox).
 *  [wfdave](https://wordpress.org/support/users/wfdave/)
 * (@wfdave)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11195132)
 * Hi [@mwarbinek](https://wordpress.org/support/users/mwarbinek/),
 * Haha, I’ll be sure to be mindful of typos! 🙂
 * As for your suggestions, it looks like it’s solid! It covers how to block someone
   if they’re repeatedly accessing the URL maliciously.
 * However, in this situation, one of the pages on his site links off to a 404 page.
   Blocking anyone if they access `teeth_smile.png` would be blocking off legitimate
   traffic.
 * Dave
 *  Thread Starter [neptun](https://wordpress.org/support/users/neptun/)
 * (@neptun)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11197214)
 * Hello all! You’re great.
 * That was the problem at least with human users. Those post witches, of which 
   Dave put the example, are old. An example of an article from 2014. That time 
   was Ckeditor in use and typos are from it. I will examine all old posts to find
   all wrong smileys.
 * Thank you very much for your fine support work!
 *  [wfdave](https://wordpress.org/support/users/wfdave/)
 * (@wfdave)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11198822)
 * Hi again,
 * I forgot to mention that the bot users may also face the same issues due to caching.
   Sites like waybackmachine may have a previous version of those pages saved, so
   when they try to fetch images from that page, it will result in 404 connections
   to your site.
 * For this reason, I wouldn’t recommend blocking users that attempt to access that
   URL.
 * Dave
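
The distinction drawn in the replies above (404s triggered by the site's own old pages or archived copies, versus requests that arrive with no linking page) can be checked from the web server access log. This is an added example, not code from any participant in this thread; it assumes Combined Log Format, and the host `blog.example`, the IP addresses and the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "agent"
LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"')
# Path of the removed plugin's smiley images, as quoted in the thread.
PREFIX = "/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/smiley/images/"

def triage_404s(log_lines, site_host, path_prefix=PREFIX):
    """Group 404s under path_prefix by where the request was referred from."""
    report = {"own_pages": defaultdict(set), "external": defaultdict(set),
              "no_referer": defaultdict(set)}
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, path, status, referer = m.groups()
        if status != "404" or not path.lower().startswith(path_prefix):
            continue
        # Referer is client-supplied: treat it as a triage hint, not as proof.
        host = urlparse(referer).hostname if referer not in ("", "-") else None
        if host is None:
            report["no_referer"][path].add(ip)      # nothing links here: worth watching
        elif host == site_host:
            report["own_pages"][referer].add(ip)    # our own page embeds the dead URL: fix the page
        else:
            report["external"][referer].add(ip)     # e.g. an archived copy of an old page
    return {k: {key: sorted(ips) for key, ips in d.items()} for k, d in report.items()}

# Constructed sample log lines (documentation IP ranges, hypothetical site host).
T = "[11/Feb/2019:10:00:01 +0200]"
OLD_POST = "https://blog.example/2014/10/26/old-post/"
ARCHIVED = "https://web.archive.org/web/2015/" + OLD_POST
SAMPLE_LOG = [
    f'192.0.2.10 - - {T} "GET {PREFIX}teeth_smile.png HTTP/1.1" 404 512 "{OLD_POST}" "Mozilla/5.0"',
    f'198.51.100.7 - - {T} "GET {PREFIX}regular_smile.png HTTP/1.1" 404 512 "{ARCHIVED}" "bot"',
    f'203.0.113.5 - - {T} "GET {PREFIX}teeth_smile.png HTTP/1.1" 404 512 "-" "curl/7.64"',
    f'192.0.2.10 - - {T} "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for bucket, entries in triage_404s(SAMPLE_LOG, "blog.example").items():
        print(bucket, entries)
```

The `own_pages` bucket lists the posts (including ones whose comments carry the old smiley markup) that still need editing.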
 *  [Scott](https://wordpress.org/support/users/scooter1/)
 * (@scooter1)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11199375)
 * [@neptun](https://wordpress.org/support/users/neptun/)
    Another suggestion… “If” the old post at issue has a different author, I would
   reset their password. It is possible that the user’s credentials may have been
   compromised?
 *  Thread Starter [neptun](https://wordpress.org/support/users/neptun/)
 * (@neptun)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11201176)
 * OK, the thing is in the care when the cause came out. You know, all of those 
   smileys aren’t in the articles. Most of them appear in the **comments**, and 
   there are a lot of them, oops!
 * Thanks again!
 *  [Nice Online Shop](https://wordpress.org/support/users/sanjayhase/)
 * (@sanjayhase)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11201308)
 * [http://www.nice1.ga](http://www.nice1.ga)

 * 11 replies
 * 5 participants
 * Last reply from: [Nice Online Shop](https://wordpress.org/support/users/sanjayhase/)
 * Last activity: [7 years, 4 months ago](https://wordpress.org/support/topic/security-question-27/#post-11201308)
 * Status: resolved