scanning for Wordpress?

Jan. 5th, 2022 11:30 pm
cellio: (Default)
[personal profile] cellio

Every now and then I remember to look at my web site's traffic. Every month my site produces a few hundred "URL not found" errors, and almost all of them are related to Wordpress -- wp-login.php, xmlrpc.php, and wlwmanifest.xml (tried at a bunch of entry points, each exactly 30 times in the last 30 days, presumably a daily probe).

I don't run Wordpress -- never have. But I guess it's popular enough, and has bugs or security holes, that people find it worthwhile to send their bots to look for it on every web site they can find?

Tags:
Flat | Top-Level Comments Only

(no subject)

Date: 2022-01-06 11:28 am (UTC)
outofwater: Me outside St John's before my confirmation at the Easter Vigil 2016 (Default)
From: [personal profile] outofwater

I think another thing WordPress has "going for it" (from the point of view of people looking to exploit security holes) is that it is also something commonly installed by people with little/no experience in server administration and may often be left running for years with few (if any) upgrades applied.

(no subject)

Date: 2022-01-07 04:39 am (UTC)
cellio: (Default)
From: [personal profile] cellio

Oh, good point. Now that you mention it, I wonder -- if I were using Wordpress, which I'm not -- what I'd be responsible for myself versus what my hosting platform would do for me. My hosting CPanel has a "Wordpress" link that I've never clicked; I assumed that means Wordpress is installed on the server and that's for me to turn it on, but do they keep it up to date if so? Or do I? (Idle question, since I'm not going to use it; if I were, I'd ask them that question.)

Flat | Top-Level Comments Only

Expand Cut Tags

No cut tags
Top of page