• Resolved martje65

    (@martje65)


    Every day we see lots of /wp-admin/css/: No matching DirectoryIndex (index.php,index.html,index.htm,index.shtml,index.php5,index.php4,index.php3,index.phtml,index.cgi,index.pl) found, and server-generated directory index forbidden by Options directive, referer: binance.com

    I have made a Honeypot URL: /wp-admin/css/ to block them but it's not working.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author IniLerm

    (@inilerm)

    Hi @martje65,

    This is a great technical observation!

    The reason your Honeypot URL isn’t working for /wp-admin/css/ is because Advanced IP Blocker (and WordPress itself) never actually sees that request.

    Here is the technical breakdown:

    1. The bots are requesting a physical folder that actually exists on your server (/wp-admin/css/).
    2. Because the folder exists, your web server (Apache) intercepts the request before handing it over to WordPress (PHP).
    3. Apache sees that there is no index.php file in that folder, and since directory browsing is disabled on your server, Apache immediately rejects the request with a 403 Forbidden error.

    Since the request is killed by Apache at the server level, it never reaches PHP, which means our Honeypot module never gets the chance to scan the URL or block the IP.

    The good news:
    You don’t actually need to block them! What you are seeing in your server logs is proof that your server is already perfectly protected against directory browsing. The bots (which are doing “Referrer Spam” pretending to come from binance.com) are hitting a brick wall. They are consuming zero PHP/Database resources.

    If you really want to permanently ban those specific IPs, you would have to add a custom .htaccess rule manually, but my recommendation as a security developer is to just ignore them. Let Apache drop the connection instantly; it is the most efficient way to handle them.

    Best regards,

    Advanced IP Blocker Team
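
Because Apache rejects these requests before PHP runs, its error log is the only place they appear. The following is an added example, not part of the thread or of the plugin's code: it tallies the rejections per client IP from constructed sample lines and renders the kind of manual .htaccess deny rule the reply mentions. The function names, the `min_hits` threshold and the choice of the Apache 2.4 `Require not ip` form are assumptions.

```python
import re
from collections import defaultdict

# Constructed Apache 2.4 error-log lines (documentation IPs, not real traffic).
SAMPLE_LOG = """\
[Mon Mar 03 06:12:01.101010 2025] [autoindex:error] [pid 811] [client 203.0.113.7:50122] AH01276: Cannot serve directory /var/www/html/wp-admin/css/: No matching DirectoryIndex (index.php,index.html) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon Mar 03 06:12:09.202020 2025] [autoindex:error] [pid 811] [client 203.0.113.7:50140] AH01276: Cannot serve directory /var/www/html/wp-admin/css/: No matching DirectoryIndex (index.php,index.html) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon Mar 03 06:13:44.303030 2025] [autoindex:error] [pid 812] [client 203.0.113.7:50199] AH01276: Cannot serve directory /var/www/html/wp-admin/css/: No matching DirectoryIndex (index.php,index.html) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon Mar 03 07:01:15.404040 2025] [autoindex:error] [pid 815] [client 198.51.100.23:41877] AH01276: Cannot serve directory /var/www/html/wp-admin/images/: No matching DirectoryIndex (index.php,index.html) found, and server-generated directory index forbidden by Options directive
[Mon Mar 03 07:05:30.505050 2025] [core:notice] [pid 800] AH00094: Command line: '/usr/sbin/apache2'
"""

# Client IP (port stripped), the directory that was refused, and the optional referer.
LINE_RE = re.compile(
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\].*?"
    r"(?P<dir>/\S*?): No matching DirectoryIndex"
    r".*?(?:, referer: (?P<ref>\S+))?$"
)

def summarize(log_text):
    """Return {ip: {"hits": n, "dirs": set, "referers": set}} for refused directory requests."""
    stats = defaultdict(lambda: {"hits": 0, "dirs": set(), "referers": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated log entry
        entry = stats[m.group("ip")]
        entry["hits"] += 1
        entry["dirs"].add(m.group("dir"))
        entry["referers"].add(m.group("ref") or "-")
    return dict(stats)

def htaccess_deny(stats, min_hits=3):
    """Render an Apache 2.4 deny block for IPs with at least min_hits refusals (assumed threshold)."""
    ips = sorted(ip for ip, e in stats.items() if e["hits"] >= min_hits)
    if not ips:
        return ""
    rules = [f"    Require not ip {ip}" for ip in ips]
    return "\n".join(["<RequireAll>", "    Require all granted", *rules, "</RequireAll>"])

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for ip, e in sorted(report.items()):
        print(ip, e["hits"], sorted(e["dirs"]), sorted(e["referers"]))
    print(htaccess_deny(report))
```
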

    Thread Starter martje65

    (@martje65)

    Thanks for the update @inilerm
