If you are running WordPress on Linux, most likely you won’t expect user hitting your website with .asp / .cfm / .jsp extension. When some hackers are trying to scan your site with all these non-sense requests, your webserver will be overloaded due to the 404 page is generated from wordpress.
To deal with this issue – we have written some re-write rules to tackle these requests before this is hitting onto the wordpress core.
RewriteCond %{REQUEST_URI} !^/index.php$
RewriteCond %{REQUEST_URI} !robots.txt$
RewriteCond %{REQUEST_URI} !wp-.*.php$ RewriteCond %{REQUEST_URI} !healthcheck.php$RewriteRule .*\.(asp|aspx|ashx|asa|jsp|cfm|do|action|cer|exe|txt|htm|html|rar|zip|php)$ – [F,L,NC]