WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
Log shows database errors and changes (3 posts)

  1. JoNeo
    Member
    Posted 1 year ago #

    Hello

    I've recently installed the Better WP Security plugin for a client's website.

    After a few days of use, my client informed me that the plugin's log shows that the following:

    Your database contains 14 bad login entries.
    Your database contains 32 404 errors.
    Your database contains 10 changed file records

    The numbers have since increased.

    I've check the website's scripts and database and there are all in order.

    I am at loss on what caused the errors and changes.

    Appreciate any help. Thanks so much!

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Handoko
    Member
    Posted 1 year ago #

    Hello.

    This Better WP Security is a good security plugin, but many people not really fully understand how to use it effectively. Because the author is very busy can't provide much time for answering questions here in this forum, so lets me try to explain what I know.

    Bad login entries, what are they?

    Normally, there are 2 possibilities: hackers try to login to your website or, you (or your clients) type wrong information on the login page.

    My suggestion are, you need to study the patterns, if it happens frequently and you know that is not you nor clients faults (typing errors), in other words it means those are hacking attempts, you should put those IPs in your ban list.

    Me, get bad login entries almost everyday. The more famous your website (higher Google PR) is, the more hackers are interested to login to your website.

    404 Errors, it sounds serious, but it might not be so serious as you think.

    404 errors (this plugin calls it: intrusion detection), can be an indication of your website is under attack, hacker is trying scanning your website vulnerability, and blablabla ... whatever bad things you can think about. And yes, it can be a very serious security issue.

    But it also can caused by any small mistake, even not a mistake but intentionally action, for example you simply moved or deleted a post or an image. The web crawlers (also Google) will come back looking for the old post/image/link even after months. It is a good practice (for SEO reason) to avoid deletion or renaming anything you have publicized on the web.

    Sometimes the 404 errors may occur if one of the plugin/theme you're using does not support wp-content folder renaming. I have several such cases. I contacted the authors, and yes they improved the plugin to support wp-content folder name change and the problem solved.

    But some authors are busy. For example here is one of the case I reported to the author:
    http://wordpress.org/support/topic/wp-content-issue

    Recently, there are many 404 errors caused by apple device users. It is generated because Apple users (iPad, iPhone, etc) are visiting your website. Apple created new standard for their web browsing experience which does not follow the standard now widely used. You can find more information here:

    http://en.wikipedia.org/wiki/Favicon#Device_support
    http://gigaom.com/2011/06/22/how-to-create-ios-device-home-screen-icons-for-web-sites/

    Changed file records

    This feature is good for monitoring file being altered by hackers. But many of the files in your website are supposed to change. For example plugin that auto generate captcha pictures. So you may need to whitelist the directories which the contents are supposed to change.

    This plugin may report anything that it thinks might be harmful. Some warnings can be serious, but others are simply small mistakes. You need to study the warning information, doing some researches on the web, understand what and why it happens, so you can effectively use this plugin to improve your website's security. No one can be sure to tell you what the warnings really are, without studying to message.

  3. Handoko
    Member
    Posted 1 year ago #

    You mentioned:
    Log shows database errors ...

    Actually, your database is okay without any problem, but it does contain some error messages.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic