This page short URL: c9k

Using the URL blocking feature, you can stop some obviously inappropriate requests very quickly to avoid wasting precious server resources on them. Typically, such requests will be well-known bots requests to your site trying to attack it or just identify it. The most common ones are requests directed at WordPress (!) sites. Malicious attackers simply sends them to all sites they can find, whether WordPress or not. This can result in added load on your server and reduced speed for your legitimate visitors.

sh404SEF comes with rules to block those common WordPress-targeted requests and you can add your own rules to block other URLs, specific to your use case. Here is the configuration screen.

sh404SEF anti-flooding configuration

URLs to block

You can enter one rule per line in that input field. Do not include the domain name or a leading slash. You can also include wildcard characters such as {*} and {?} to represent, respectively: any number of any characters, or any single character.

Here are a few examples:

some/url.html

will block requests to https://example.com/some/url.html, and that URL only.

some/url{*}

will block requests to

  • https://example.com/some/url
  • https://example.com/some/url/
  • https://example.com/some/url.html
  • https://example.com/some/url.php
  • https://example.com/some/url/and-many-more

and all requests to URLs that starts with https://example.com/some/url

The default rules included with sh404SEF are:

wp-{*}.php{*}
wp-admin{*}
wp-content{*}
wp-includes{*}
wp-login{*}
wp-json{*}

Action to take

When a request matches one of the above rules, you can select to:

  • do nothing (during development and testing for instance)
  • Trigger a 404 error (page not found)
  • Trigger a 403 error (forbidden request)

The default is to trigger a 404 error page.