Blocking WordPress Scanners on a Static Site

January 7, 2026

Within minutes of launching this site, I started seeing requests for /wp-admin, /wp-content, and other WordPress paths. This site isn't a WordPress blog. It's a static site that I generate locally from a python script. So these were automated scanners, not real users.

This kind of traffic is normal background noise on the public internet. Rather than letting it hit the site and clutter logs, I blocked it at the Cloudflare (DNS) edge with a simple rule that rejects WordPress-related paths outright.

Nothing fancy. Just removing traffic that doesn't belong. If you want to get blocked as well, try visiting chrispaul.info/wp-admin