Why Requests Containing “wp-” Are Blocked
Overview
Are your website pages or URLs returning a 403 Forbidden error?
If this happens, one of the first things to check is whether your URL contains “wp” or “wp-” in the address.
Our platform blocks requests containing “wp” by default because they are commonly associated with automated attacks targeting WordPress websites. Since our platform does not use WordPress, these requests are usually considered suspicious and are automatically blocked for security reasons.
For example, URLs such as:
www.example/contact-dcwp-etwww.example/wp
may trigger this security rule and return a 403 Forbidden response.
Why These Requests Are Blocked
Many automated attacks scan websites for common WordPress directories and files, such as:
/wp-admin/wp-login.php/wp-content//wp-includes/
Attackers use these scans to identify WordPress sites and attempt exploits such as:
Brute force login attempts
Plugin or theme vulnerability exploits
Malware uploads
Data extraction attempts
Because these requests are strongly associated with malicious activity, our firewall blocks requests containing “wp” or “wp-” by default to protect the platform and hosted websites.
How to Resolve the Issue
If you believe the URL is legitimate, you may need to:
Rename the page URL to remove “wp”, or
Remove any dashes before or after it so it is combined with the surrounding text
For example:
❌ example.com/contact-dcwp-et
✅ example.com/contact-dcwpet
If the issue still persists, please contact support so the request can be reviewed.
Summary
Requests containing “wp” are commonly associated with WordPress attack attempts.
These requests are blocked by default as a proactive security measure.
If a legitimate page is affected, updating the URL will usually resolve the issue.
Support can review the request if further assistance is needed.
Comments
0 comments
Please sign in to leave a comment.