404 error detection no longer working

  • editorsean

    (@editorsean)


    11 years, 10 months ago

    When I first started using iThemes Security (Better WP-Security at the time), the 404 error detection use to work fine with the only small issue being Googlebot often being blocked. It kept retesting the URL structure from a former Joomla site, so what I did at the time was increase the error threshold to 40 and added every Googlebot IP address I could find and verify in the logs.

    Just recently, my site has been actively scanned for certain php files across a wide range of URLs, adding many pages of 404 errors. As far as I can tell, the 404 is no longer working as the last attack added 212 404 errors over a period of 2 minutes from a single IP address, but did not get locked out.

    The following are the settings I have for this detection:
    404 Detection: Checked
    Minutes to Remember 404 Error: 5 Minutes
    Error Threshold: 40 Errors
    404 File/Folder White List (separate lines):

    • /favicon.ico
    • /robots.txt
    • /apple-touch-icon.png
    • /apple-touch-icon-precomposed.png

    Ignored File Types:

    • .jpg
    • .jpeg
    • .png
    • .gif
    • .css

    I’m not sure if this is related, but I also had a similar issue with brute-force attacks on the log-in page, where in one case I had over 1000 pages of logs in just a few hours despite having brute force detection enabled. That issue hasn’t happened since I used the Hide Login feature, probably because the new login URL hasn’t been hit yet.

    https://wordpress.org/plugins/better-wp-security/

The topic ‘404 error detection no longer working’ is closed to new replies.