Title: shell.php user.php fake .php
Last modified: November 15, 2023

---

# shell.php user.php fake .php

 *  Resolved [startechmarketing](https://wordpress.org/support/users/startechmarketing/)
 * (@startechmarketing)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/shell-php-user-php-fake-php/)
 * How do I block attempts to access non-existant .php files, in the rank-math 404
   monitor have 2,000 + items with alfa.php, xleet.php, user.php, init.php etc .
   should I be concerned ? How can I protect my site from things like this ?
 * Thanks

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/shell-php-user-php-fake-php/#post-17203853)
 * Those are standard Bot recon probes to check if your website is hacked. 99% of
   hacking is automated using Bots. You can ignore those 404 errors since the hacker
   files don’t exist and Google will not penalize you for those 404 errors.
 *  Thread Starter [startechmarketing](https://wordpress.org/support/users/startechmarketing/)
 * (@startechmarketing)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/shell-php-user-php-fake-php/#post-17206003)
 * Thanks for the response. In the last few hours I see things like /admin/login.
   tx and .well-known/acme-challenge
 * If I have a list of these is there a way to block the bots that are looking for
   non-existant files and folders ?
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/shell-php-user-php-fake-php/#post-17207058)
 * Hacker bot probes occur every day all day long. You don’t need to be concerned
   about them at all. I will post some htaccess code to block these bot probes, 
   but what is most important for you to understand is the bot probes are meaningless
   and do not cause any problems for websites. So the best thing to do is just to
   ignore them.
 * This code will block specific filenames. Replace filename.php with the actual
   filenames you would like to block. Filenames are separated by the pipe operator
   | which means “or” in htaccess code. Add this code in BPS Root Custom Code text
   box: **14. CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK
   IP/REDIRECT CODE**
 * Click the Save Root Custom Code button to save the code. Activate Root folder
   BulletProof Mode to have this code written to your root htaccess file. You will
   repeat that process each time you edit this code.
 *     ```wp-block-code
       # BEGIN BPS DENY ACCESS TO FILES
       <FilesMatch "^(filename\.php|filename\.php|filename\.php)">
       <IfModule mod_authz_core.c>
       Require all denied
       </IfModule>
   
       <IfModule !mod_authz_core.c>
       <IfModule mod_access_compat.c>
       Order Allow,Deny
       Deny from all
       </IfModule>
       </IfModule>
       </FilesMatch>
       # END BPS DENY ACCESS TO FILES
       ```
   
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/shell-php-user-php-fake-php/#post-17220044)
 * Assuming all questions have been answered – the thread has been resolved. If 
   the issue/problem is not resolved or you have additional questions about this
   specific thread topic then you can post them at any time. I still receive email
   notifications when threads have been resolved.
 *  Thread Starter [startechmarketing](https://wordpress.org/support/users/startechmarketing/)
 * (@startechmarketing)
 * [2 years, 6 months ago](https://wordpress.org/support/topic/shell-php-user-php-fake-php/#post-17221781)
 * Thanks I am afraid to try your code as I was told by my host problems with updating
   plugins was due to code like this.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘shell.php user.php fake .php’ is closed to new replies.

 * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938)
 * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
 * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
 * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)

 * 5 replies
 * 2 participants
 * Last reply from: [startechmarketing](https://wordpress.org/support/users/startechmarketing/)
 * Last activity: [2 years, 6 months ago](https://wordpress.org/support/topic/shell-php-user-php-fake-php/#post-17221781)
 * Status: resolved