Block in Wordfence

Urls to add on this page (your-site-domain-name)/wp-admin/admin.php?page=WordfenceOptions

If you see an attacker repeatedly probing your site for a known vulnerability, you can use this option to immediately block them.

Separate multiple URLs with commas or place them on separate lines. Asterisks are wildcards, but use with care. All URLs must start with a “/” without quotes and must be relative. e.g. /badURLone/, /bannedPage.html, /dont-access/this/URL/, /starts/with-*

/data/cache/asd.php
/www.zip
/phpmyadmin
/installer.php
/installer-backup.php
/plus/result.php
/contact.jsp
/searchreplacedb2.php
/test/wp-admin/
/blog/wp-admin/
/modules/node/node.css
/core/CHANGELOG.txt
/logs/xml.log
/loja/var/
/wls-wsat/CoordinatorPortType
/wp-sbb.php
/HTTP/1.1
/wp-content/plugins/ubh/up.php
/admin/login.php
/wwwroot.rar
/auth.sql
/db.sh
/files.tar.gz
/restore.zip
/administrator.zip
/robot.php
/sql.rar
/images/load.php
/fuck.php
/plus/90sec.php
/upload.php
/root.sh
/Dump.sql
/db.sql
/.sql
/log.php