Title: WordPress plugin security Last modified: August 16, 2021 --- # WordPress plugin security * Resolved [idnr1](https://wordpress.org/support/users/rm04/) * (@rm04) * [4 years, 9 months ago](https://wordpress.org/support/topic/wordpress-plugin-security/) * Hello, * In the log files everyone can see that there are many attempts being made to see if a file exist in the /wp-content/plugins/* folders. Is there another / better way to check which connections are guessed and which are actual files. * The reason im asking since many java script files reside in those plugin folders. * After updates the file (versions) change pretty often. Instead of re scanning the site and catch all the links to exclude them i wonder if there is an easier way to accomplish this? * Thanks in advance for any suggestions - This topic was modified 4 years, 9 months ago by [Jan Dembowski](https://wordpress.org/support/users/jdembowski/). Reason: Moved to Fixing WordPress, this is not an Developing with WordPress topic * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fwordpress-plugin-security%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 3 replies - 1 through 3 (of 3 total) * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [4 years, 9 months ago](https://wordpress.org/support/topic/wordpress-plugin-security/#post-14772235) * If the log shows a 404 status, then the file does not exist. Getting probed for vulnerable (or potentially vulnerable) files is a fact of internet life. There’s nothing for you to exclude. * Thread Starter [idnr1](https://wordpress.org/support/users/rm04/) * (@rm04) * [4 years, 9 months ago](https://wordpress.org/support/topic/wordpress-plugin-security/#post-14772393) * That fact of an internet life is what i’m fighting against, saying that there is nothing to exclude/filter only shows your capabilities and is not rlly an answer to my question. * To catch unwanted traffic u need to be able to determine if something is a guess or if something is generated by the code u use now or in the past. * So yes there is a lot to exclude/filter from the /wp-content/plugins/* folders. * Basically everything that connects to /wp-content/plugins/* and that is not created by the code u use is unwanted traffic and should be blocked! * But ill figure it out myself, was just hoping there would be more support on this question then just saying u gotta deal with it…… * kind regards * Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * (@sterndata) * Volunteer Forum Moderator * [4 years, 9 months ago](https://wordpress.org/support/topic/wordpress-plugin-security/#post-14772405) * There’s no “filter” to block 404s. You can block some malicicous traffic with a plugin like WordFence, though I strongly suggest you do not choose to have it email you with every intrusion/probe attempt because there will be a lot of them. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘WordPress plugin security’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 3 replies * 2 participants * Last reply from: [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/) * Last activity: [4 years, 9 months ago](https://wordpress.org/support/topic/wordpress-plugin-security/#post-14772405) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics