I downloaded a WordPress plugin that emails me whenever my website serves a 404 error. Last evening I received about 1000 emails from bots trying to find

/wp-content/plugins/(X title of popular wordpress plugin)/timthumb.php

where timthumb.php is a popular WordPress plugin which had a zero-day vulnerability a couple of days ago, so the visitors are searching my website for weaknesses that may be compromised. I do not have timthumb installed; however, I really do not want this traffic. Is there a good way to block it?

Use this and this page to blacklist all of the bots that were flooding you, using your .htaccess file.

This is actually not something that can be fully stopped. Rather, you need to concentrate on ensuring your system is fully up to date and set up properly.

Some vulnerability scans and exploits can be stopped using a Web Application Firewall like PHPIDS or mod_security. However, these safety measures will not stop bots from searching for vulnerable files like phpmyadmin, fckeditor or even the new timthumb.php remote code execution vulnerability.
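
An added example, not code from any of the posts above: one way to build the `.htaccess` blacklist from the server's own access log instead of from 404 emails. It assumes Apache's "combined" log format and Apache 2.4 `Require` syntax; the function names, threshold and sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache "combined" format: client ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')
PROBE_RE = re.compile(r'/timthumb\.php(?:\?|$)', re.IGNORECASE)

def probing_clients(lines, threshold=3):
    """Return {ip: count} for clients with >= threshold 404s on timthumb.php paths."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, path, status = m.groups()
        if status != "404" or not PROBE_RE.search(path):
            continue
        try:
            # Validate and normalise: only real addresses may reach the config file.
            hits[str(ipaddress.ip_address(client))] += 1
        except ValueError:
            continue  # hostname or junk in the client field
    return {ip: n for ip, n in hits.items() if n >= threshold}

def htaccess_block(clients):
    """Render an Apache 2.4 (mod_authz_core) block denying the given addresses."""
    rules = ["<RequireAll>", "    Require all granted"]
    rules += [f"    Require not ip {ip}" for ip in sorted(clients)]
    rules.append("</RequireAll>")
    return "\n".join(rules)

def _line(ip, path, status):
    return f'{ip} - - [01/Jan/2000:00:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample log (documentation address ranges, invented plugin names).
SAMPLE_LOG = [
    _line("203.0.113.7", "/wp-content/plugins/example-a/timthumb.php", 404),
    _line("203.0.113.7", "/wp-content/plugins/example-b/timthumb.php", 404),
    _line("203.0.113.7", "/wp-content/themes/example-c/timthumb.php?src=x", 404),
    _line("198.51.100.20", "/wp-content/plugins/example-a/timthumb.php", 404),
    _line("198.51.100.20", "/old-page", 404),
    _line("192.0.2.44", "/index.php", 200),
]

if __name__ == "__main__":
    print(htaccess_block(probing_clients(SAMPLE_LOG)))
```

The threshold keeps a visitor who hits one stale link from being blocked, and the address check stops a crafted log entry from injecting directives into the generated file.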