Is there ever a legitimate reason for an outsider to access wp-admin

Yes, lots of themes and plugins make use of the wp-admin/admin-ajax.php file, and some use wp-admin/admin-post.php. But beyond that there’s little to no reason to access wp-admin.

Perhaps a search engine trying to determine if I’m running wordpress?

Search engines don’t care so much if you are or aren’t using WordPress, you would be able to tell via the user agent if it was a searchbot. If it is, then this implies you have links to nonexistent files in wp-admin that would show up in tools such as google web console, etc.

But if they did care, which they don’t, there are far better ways to identify a WordPress than querying wp-admin.

What this is likely to be, are automated attacks. Almost all hacking attempts are automated, they don’t even check your site. Exploits are fire and forget. Why make requests to a site to figure out if the exploit will work when you can just run them all? If one of them works that’s all it takes.

For this reason, you’ll see a lot of login attempts and exploit requests that aren’t even for your software. My WordPress sites get Drupal exploits and attempts to login to Joomla URLs, and I ignore them. Iff they ever became an issue I would block them at the Nginx level or lower.

At the end of the day, we cannot know for certain. If you are concerned you might break things, contact the community around your CMS and ask them. For all I know you use a CMS called WonderPage that just happens to have a wp-admin folder

Related Posts:

  1. Can’t change language (only “English (United States)”)
  2. How can we make managing lots of pages in WordPress Admin better?
  3. Taxonomy dropdown metabox in the back-end
  4. How to redirect/rewrite all /wp-login requests
  5. Show all post tags on post edit screen/sidebox
  6. Add “external” link to admin menu in the backend
  7. Disable image attachment links
  8. Remove “Time to upgrade” message from dashboard
  9. How can I enable Google Analytics on a file download link?
  10. What is the best method to close off the backend?
  11. Change Login URL Without Plugin
  12. Change the link of ‘Howdy’ at the top right
  13. wp-admin pages return ERR_EMPTY_RESPONSE
  14. Reorder custom submenu item
  15. Options for restricting access to wp-admin
  16. Unwanted redirect in admin area
  17. Looking for a hook to add attachment information to the media library tab
  18. Load Balanced WP with single server admin access
  19. How to move wp-admin login page to another location? [closed]
  20. WP-admin giving 404
  21. File exceeds upload_max_filesize, despite max filesize being large enough
  22. WordPress admin not changing language
  23. Can’t access dashboard, connection times out (other pages work fine)
  24. Getting post meta data, while editing a post in wp-admin panel [closed]
  25. Get Stylesheet To Showup in WP Admin Panel Editor
  26. Just how ‘expensive’ is this function?
  27. js Conflict in admin panel – I guess it’s from the core WP installation
  28. Why is there an intermediate redirect to https://public-url.org/wp-admin?
  29. Create a fullwidth dashboard widget
  30. admin_url in plugins
  31. Share Tags Between Custom Posts in Admin
  32. Website looks fine, but login to wp-admin yields a blank screen
  33. Filter dropdown in users.php “delete user” bulk edit screen
  34. Cannot find an OLD Gravity Form on an OLD Word Press site [closed]
  35. /wp-admin/ 500 error
  36. Where did the screen options menu go?
  37. How do I change the upload file size limit in single-site wordpress install?
  38. Can’t call external stylesheet for WordPress admin (using wp_admin_css)?
  39. WordPress notification reports
  40. Restore a layout [closed]
  41. Logging into sandbox subdomain WP
  42. Page update through theme editor caused wp admin to break
  43. White screen of death on admin and other dashboard pages
  44. wp-admin url doesn’t allow to login and redirects to same page
  45. wp-admin dashboard redirects to homepage
  46. Can I hook into wp_update_core outside of the admin?
  47. Renaming wp-admin without hard-coding it. Is it really possible?
  48. WordPress Side Menu Admin Panel Default Order numbers List?
  49. Why can I log into wp-login.php and not wp-admin.php?
  50. Change admin defaults for reading settings
  51. How to hide Admin Tabs? [duplicate]
  52. add_submenu_page() issue
  53. wp cron, admin and updates questions
  54. Restrict admin access to certain pages based on page slug
  55. Unable to properly login
  56. Is there a simple way to set wordpress site files back to out of the box?
  57. User Capabilities are not available in WP REST permission callback?
  58. How to check if it’s edit.php & post_type is set?
  59. Dashboard : remove Safari navigator message
  60. Available resources for learning WordPress 4.7.2 from the ground up?
  61. Create new user from phpMyAdmin
  62. how to stop wordpress admin menu from scrolling with page
  63. How to have WP admin in English while public website is in another language?
  64. Trying to create a page as a menu item in the admin while keeping the admen panel visible
  65. Weird urls after moving site from local env to a server
  66. How to access wp-admin from original website after setting the domain redirect/forwarding
  67. Remove “Filter” Button on All Posts in wp-admin
  68. Step by step guide for new users on how to post content?
  69. How can I fix, Sorry, you are not allowed to access this page. I have tried the usual
  70. only last option from theme options is being saved to the DB
  71. Hook into form handle from admin users table
  72. Give wp-admin access for shop managers
  73. Cannot log in to WordPress admin or change password
  74. 403 Error when using save buttons
  75. wp-login.php entering password nothing happens
  76. Cached php? Updates are rendering only if logged as admin
  77. Js errors in wp-admin
  78. Avoid executing a function (redirect) if I’m in the admin area
  79. Symlinking WordPress WP-ADMIN and WP-INCLUDES
  80. I cannot access my WP website after changing settings
  81. sharing wp-include – wp-admin on same installation
  82. Making WP Admin Folder accessable JUST under a different link
  83. Is it possible to load an admin page inside a thickbox?
  84. Why would running an admin check throw a 500 error? I’m calling is_super_admin();
  85. admin_print_styles incuding $_SERVER[‘DOCUMENT_ROOT’]
  86. I am not able to enable jQuery in theme settings
  87. WordPress loop in post admin view
  88. How to restrict user to see his comments only and admin can see everyone comments?
  89. Admin Scripts enqueue codes seems ok but not working
  90. admin-post.php results on white screen after form submission
  91. CSS not showing up in my website Only HTML Displaying
  92. What is the point of new confirm admin email process?
  93. ‘Too many redirects’ error after changing site URL in WordPress [closed]
  94. Is it possible to tell if a user is logged into WordPress from looking at the cookies which are set?
  95. Move Custom Taxonomy Menu to Top Level Admin Menu
  96. Extend user search in the users.php page to allow for searching by role and excluding specified email domains from the “users search” input box
  97. get_current_screen() does not return parent_file
  98. Valid WordPress html elements
  99. Unable to access WordPress admin panel
  100. Is it possible to hide or encrypt the display name after login into the WordPress admin panel?