Most wordpress php files are in directory
wp-includes in wordpress root directory. This can be used by hackers to try to access these directly. This may lead to unnecessary errors in apache error log file also.
In case you are using WordPress with Apache, you can use the following configuration in apache conf file to prevent access to these php files.
RewriteEngine on RewriteRule ^/wp-includes/[^/]*\.php$ - [L,R=403]Or alternatively you can add the following to
RewriteEngine on RewriteRule ^wp-includes/[^/]*\.php$ - [R=403,L]Now try to access url /wp-includes/class-wp.php. You should be able to see the following access denied page.