I am running a multisite and I have decided 2 months ago to dump Wordfence for Defender.
One major issue I am still facing ever since is related to the inability to determine the real path/file that the hacker or even the legitimate user is after. To be exact, I am getting entries like :
” 404 Request for file /datafiles/images/Text7.jpg which doesn’t exist” and you cannot really tell from this which site this user was targeting. More than that this was coming from a legitimate user for which I have verified that at that time he was not looking at a web page with this file and this file doesn’t indeed exist… so how could he have made this request in the first place?
I would love to have more information to make an educated guess and decide to either block or allow the user to my sites.
Thank you very much for your attention.