diff --git a/main.go b/main.go
index eaed7c6..f3c9f66 100644
--- a/main.go
+++ b/main.go
@@ -574,10 +574,11 @@ func CheckRequest(app *model.AppState, next http.Handler) http.Handler {
 return
 }
- // obviously .php requests these don't affect me, but these tend to be
- // lazy wordpress intrusion attempts. if that's what you're about, i
- // don't want you on my site.
- if strings.HasSuffix(r.URL.Path, ".php") ||
+ // same with .php and awkward double-slash requests.
+ // obviously these don't affect me, but these tend to be lazy intrusion
+ // attempts. if that's what you're about, i don't want you on my site.
+ if strings.HasPrefix(r.URL.Path, "//") ||
+ strings.HasSuffix(r.URL.Path, ".php") ||
 strings.HasSuffix(r.URL.Path, ".php7") {
 http.NotFound(w, r)
 fmt.Fprintf(
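Review bot: The suffix checks in the new condition are case-sensitive and list only two extensions, so scanner requests for `.PHP` or `.php5` paths skip this branch and whatever the `fmt.Fprintf(` call records for it. Normalising the extension once would cover them: `ext := strings.ToLower(path.Ext(r.URL.Path))` followed by `if strings.HasPrefix(r.URL.Path, "//") || strings.HasPrefix(ext, ".php") {`, which needs the `path` package if main.go does not already import it. The `fmt.Fprintf(` call is cut off at the end of the hunk; if it prints the request path, formatting it with `%q` would keep control characters in a crafted path from breaking up the log line. The rest of CheckRequest lies outside the hunk, so the earlier check that "same with" refers to could not be reviewed.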