Replies: 0
Hello.
Can you please tell me if WordFence legitimately, needs access to admin-ajax.php?
I ask because, Wordfence recently blocked 157 sustained attacks all attempting to use admin-ajax.php so, I created a Firewall Rule on Cloudflare to challenge bots accessing admin-ajax.php.
Then I noticed Firewall Rule events on Cloudflare where the rule was triggered but seemed to implicate WordFence. So, I’m wondering:
- does WordFence legitimately needs access to admin-ajax.php
- should I remove the Firewall Rule on Cloudflare
URLs that involve Wordfence / triggered the Firewall Rule events on Cloudflare:
/wp-admin/admin-ajax.php?action=wordfence_testAjax
and
/wp-admin/admin-ajax.php?action=wordfence_doScan&isFork=0&scanMode=quick&cronKey=7a039edb6b941bd2e1fe24d2326bc7c3
Thank you!
Julian