One of our clients has stopped using WordPress but is still seeing a lot of traffic to the usual core PHP files (e.g., wp-admin.php / wp-login.php / xmlrpc.php). Instead of blocking these and returning a 403, what do you guys suggest would be a fun or clever way to handle these? Make these bots download a gigantic blob file? Make a fake login page that submits their info to the abuse address of their own host? Something else?
👤 brudgers Accepted Answer ✓
It's your bandwidth. Do you want to use it to send gigantic blob files to non-customers/users?
Making things suck is usually a low-ROI approach.
There's nothing to take personally when it comes to bots.