Last night I activated the IP Lockout feature with the latest Defender update. Today I wake up to 111 items in my log for IP lockouts, 404 detection and Login protection. This is my first time seeing what's actually happening on a site so I'm having trouble making sense of it all.
I went through the list and there is the usual "Request for file wp-login.php which doesn't exist" items of which there are many and all with different IPs. I use complex usernames and passwords so I'm not concerned.
There are also many 404 detections for files in foreign languages within folders that don't exist on my site. One of those IPs was eventually blocked by my settings. Are these ones just normal attempts on the site or is there something further I should be doing about these in particular?
But the ones I'm most curious about are the attempts to access .pdf files and image files that were once on the domain's previous site before the redesign last year. I used redirects to redirect all still active pdf and image files to the new site. Normally, if it were just a handful of files trying to be accessed within a short period, I would say that it's just a normal user who has perhaps not updated their bookmarks. However, there are dozens of requests for these files over a 12 hour period, several times an hour from various IPs. All of them from the old site files. So I have a few questions about this scenario:
1) why are these files trying to be accessed if the site is no longer functioning? The domain is the same on the new site but the folder structure these files use no longer exists (it was a plain HTML site not WP).
2) do I need to add 301 redirects for these files to make these requests go away?
3) do all these 404s that I see in my logs hurt the site's SER? Is it normal to see this much activity on a fairly small, low activity site?
Thank you for any insight you can provide. I'm just trying to make sense of my logs.