Wordpress-5.2.2 Nginx - 1.14.0

The WordPress website was infected by malware, which seems to be an xmlrpc.php attack. There were a few malicious encoded files; I scanned it using Wordfence and cleaned them, but there are still malicious GET requests to the website creating URLs. Some of them return 404, some return a 200 status code; the ones which return 200 redirect to my current home page, there is no redirection. But in Google the unwanted URLs are getting indexed. Please, someone help me with how to stop this.

207.46.13.225 - - [30/Aug/2019:09:38:12 +0000] "GET /?mailboat-914902346%2Fnonpareil_la HTTP/1.1" 200 289904 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"

46.229.168.136 - - [30/Aug/2019:09:38:13 +0000] "GET /?frizette%2F1028035242%2Fpersevering.racing HTTP/1.1" 301 5 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)"

46.229.168.146 - - [30/Aug/2019:09:38:15 +0000] "GET /?frizette%2F1028035242%2Fpersevering_racing HTTP/1.1" 200 290444 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)"

Are you using the WordFence endpoint firewall? - Adam Hopkinson
I am using it, but I don't know how to stop this through Wordfence. Wordfence is blocking a few IPs, but these GET requests are creating URLs in the domain name, which is causing a huge problem. - chandesh .S
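As an added triage helper (not part of the question or of any answer), here is a small Python script that parses nginx access-log lines like the ones quoted above, flags the injected query-string URLs, and reports which of them the site answered with 200, since those are the ones a crawler will index. The SPAM_QUERY_RE heuristic is an assumption fitted to the three URLs in the question; the first three sample lines are copied from the question and the fourth is a constructed benign request.

```python
import re
from urllib.parse import unquote

# Combined-format access-log line, as in the nginx lines quoted in the question.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Heuristic (an assumption fitted to the three URLs in the question): injected query
# strings have no key=value pairs, only words joined by - _ . / plus a long numeric id.
# Legitimate WordPress query strings (?p=123, ?s=term, ?replytocom=5) always contain '='.
SPAM_QUERY_RE = re.compile(r'^[A-Za-z]+[-_./][^=&]*\d{6,}[^=&]*$')

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_spam_target(target):
    """True if the request target looks like one of the injected spam URLs."""
    _path, sep, query = target.partition('?')
    return bool(sep) and SPAM_QUERY_RE.match(unquote(query)) is not None

def triage(lines):
    """Count spam-URL hits per status and list the ones the site answered with 200."""
    report = {'spam_hits': 0, 'by_status': {}, 'served_200': [], 'crawlers': set()}
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_spam_target(rec['target']):
            continue
        report['spam_hits'] += 1
        report['by_status'][rec['status']] = report['by_status'].get(rec['status'], 0) + 1
        if rec['status'] == '200':
            # A 200 with a full page body is what lets search engines index the bogus URL;
            # these should be answered with 404/410 (or a canonical redirect) instead.
            report['served_200'].append((rec['ip'], rec['target']))
        if 'bot' in rec['ua'].lower():
            report['crawlers'].add(rec['ua'].split('compatible; ')[-1].split('/')[0])
    return report

# The first three lines are copied from the question; the last one is a constructed
# benign request (RFC 5737 test address) to show that normal queries are not flagged.
SAMPLE_LOG = [
    '207.46.13.225 - - [30/Aug/2019:09:38:12 +0000] "GET /?mailboat-914902346%2Fnonpareil_la HTTP/1.1" 200 289904 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"',
    '46.229.168.136 - - [30/Aug/2019:09:38:13 +0000] "GET /?frizette%2F1028035242%2Fpersevering.racing HTTP/1.1" 301 5 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)"',
    '46.229.168.146 - - [30/Aug/2019:09:38:15 +0000] "GET /?frizette%2F1028035242%2Fpersevering_racing HTTP/1.1" 200 290444 "-" "Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html)"',
    '203.0.113.7 - - [30/Aug/2019:09:40:00 +0000] "GET /?p=123 HTTP/1.1" 200 51234 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    print(triage(SAMPLE_LOG))
```

Run it over the real access log (`triage(open('/var/log/nginx/access.log'))`) to see how many of the bogus URLs still get a 200 after the cleanup; that number should drop to zero once the server answers them with 404/410.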

1 Answer

Here are a few things you can add to your WordPress config file to lock down your site, with some comments as to what each one does.

// Disable the pingback.ping XML-RPC method to prevent WordPress from participating in DDoS attacks
// NOTE: add_filter() only exists once wp-settings.php has been loaded, so this block belongs in a
// must-use plugin (wp-content/mu-plugins/) or functions.php rather than above the
// 'require wp-settings.php' line in wp-config.php; the define() lines below do belong in wp-config.php
if ( !defined( 'WP_CLI' ) ) {
    // remove the X-Pingback HTTP header that advertises the XML-RPC endpoint
    add_filter( 'wp_headers', function( $headers ) {
        unset( $headers['X-Pingback'] );
        return $headers;
    });
    // disable pingbacks
    add_filter( 'xmlrpc_methods', function( $methods ) {
        unset( $methods['pingback.ping'] );
        return $methods;
    });
    // also stop automatic translation-file updates
    add_filter( 'auto_update_translation', '__return_false' );
}

// Automatic Database Repair - http://example.com/wp-admin/maint/repair.php
// (the repair page needs no login, so remove this line again once the repair is done)
define('WP_ALLOW_REPAIR', true);

// Force SSL on Admin Panel
// (FORCE_SSL_LOGIN is deprecated since WordPress 4.0; FORCE_SSL_ADMIN covers the login page too)
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

// Disable Theme (and Plugin) File Editor
define('DISALLOW_FILE_EDIT', true);

// Disallow Users to Install Plugins/Themes or doing updates
define('DISALLOW_FILE_MODS', true);

// Forcing use of FTP for all uploads, upgrades and plugin installation
// (with 'ftpext' you must also define FTP_HOST, FTP_USER and FTP_PASS)
define('FS_METHOD', 'ftpext');

// If FTPS is supported then add the following line to the config file
define('FTP_SSL', true);

You will need to disable the FTP mode and the DISALLOW_FILE_* features in order to install plugins or make changes to the base code, but aside from that it should keep your site more secure.

Also to directly answer your question you can have a look at a plugin like this to filter out bad URL requests.

https://wordpress.org/plugins/block-bad-queries/

Good Luck!