I’m using Defender Pro (latest version as of August 2025) to enhance my site’s security, particularly the Firewall > 404 Detection feature to block suspicious requests based on patterns from my lockout logs. I’ve been adding specific file paths to the “Files, folders, and file types blocklist” (e.g., /wp-admin/user/bak.php, /jp.php, /.well-known/tiny.php), and it’s working well for exact matches.
However, the documentation doesn’t explicitly mention whether this blocklist supports regular expressions (regex) for more flexible rules. I’d love to confirm if regex is supported, and if so, how to implement it correctly. For example:
To block all PHP files in the /.well-known/ directory (while allowing legitimate ACME challenges): /.well-known/.*\.php
To catch variations of suspicious backup or exploit files like bak.php or similar: /.*(bak|sigunq|alfa-rex)\.php
To block any PHP requests in non-standard directories like /wp-content/uploads/: /wp-content/uploads/.*\.php
Why would this be useful? My lockout logs show bots probing for a wide range of similar files (e.g., /suu.php, /ini.php, /termps.php, /makeasmtp.php), and regex would allow me to generalize rules without listing every possible variation individually. This could reduce maintenance and catch new exploit attempts proactively, especially for patterns like all .php in certain paths or filenames with common suffixes.
If regex isn’t currently supported, is there a workaround (e.g., via custom .htaccess rules or another Defender feature)? Or could this be considered as a feature request?
Thanks in advance for any insights or confirmation!