After installing Defender Page Links report 404 errors

My client was getting spam blogs from time to time, and was deleting them manually. I tried to run a WP Checkup for theSLN.com, but it reported it couldn't publicly access the domain. Thought the next best move would be to install Defender, and let it perform the scan. It reported 2 suspicious files /wp-includes/error_log, and /wp-admin/error_log. I didn't make any changes to these.

I disabled the pingbacks, and then received an email from the client that the blog page was down. I went back to the site, and all but the landing page are now down.

  • Tim

    I found two .htaccess files with a timestamp 2 minutes newer than the Defender activation. They are located in /wp-content and /wp-includes. Both were zero bytes - void of any code. I tried renaming the two files to .NOThtaccess, and I still can't access the page links. The home page works (theSLN.com), but the page and post links report 404 errors. Divi Builder is used on this site. I've granted WPMUDEV support access to the site.

  • Tim

    Found a third .htaccess file (0-byte) at the root of public_html with the same 11:16 PM timestamp as the other two above - I was searching for timestamps at this point. I reset the blank content with the Basic WP content from https://codex.wordpress.org/htaccess#Basic_WP and the links came back to life. I repeated this with the .htaccess files I found in /wp-content and /wp-includes. Things seem to be back to normal. I'm leaving the support access open if you want to take a look at what may have caused this. I'm not sure if the .htaccess files were there (with different content) before I activated Defender or not. My pillow is calling me.

  • Predrag Dubajic

    Hey Tim,

    Hope you're doing well today :slight_smile:

    You should have default .htaccess rules only in your main .htaccess file, the one inside your root WP folder, the other two can be left empty and they will be used by defender to add specific rules when using Defender > Hardening options.

    As for the error_log files, those are most likely created by your server debug, they are not really harmful to your site as they store the errors that happen on your site.
    However it's best to have log enabled only while debugging as it can create large files and if someone visits those files they can see the errors and perhaps find a vulnerability in your site based on info from there.

    As for the WP Checkup error, I'm afraid that it's not the only tool unable to access your site, I tested it on different tools, like site24x7.com, geopeeker.com and uptrends.com, and each of them had some location that is unable to access your site, mostly visible in uptrends, here are the results I got for your site:

    I would suggest checking with your host about this and see why the site is not accessible from all locations.

    Best regards,
    Predrag

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.