I am managing a few WordPress installations and I’m tired of the error logs being full of 404 errors caused by bad bots that are constantly checking for style.css files in directories of known-hackable/exploitable themes, for example :
http://www.example.com/wp-content/themes/thestation/style.css
http://www.example.com/wp-content/themes/wootube/style.css
http://www.example.com/wp-content/themes/vibrantcms/style.css
There are a lot of different themes that the bad bots are searching for, so rather than write a rule for each one individually it would make more sense to have a redirectmatch that matches every instance of style.css so long as it’s NOT in the directory of the actual theme I’m using.
For example if I’m using the theme in the directory /twentyten/ then the RedirectMatch should catch every attempt to access any style.css file in any directory other than the /twentyten/ directory.
AFAIK, you can’t do this with RedirectMatch, but if you want to enable mod_rewrite, then are you trying to do something like the following:
(or some other flag such as [R=403]). The problem is whatever you do, the logs record the request parameter which will have these random styles, so you’d still need to do an intelligent filter.
You could remove these probes from the error logs by this rule to redirect the query to the prober instead:
but is this really what you want to do just to remove a 404 entry?
PS. the above assumes you have access to the root config. The same solution with a tweak works in the appropriate
.htaccess