Making sense of Defender 404 Detection

Last night I activated the IP Lockout feature with the latest Defender update. Today I wake up to 111 items in my log for IP lockouts, 404 detection and Login protection. This is my first time seeing what's actually happening on a site so I'm having trouble making sense of it all.

I went through the list and there is the usual "Request for file wp-login.php which doesn't exist" items of which there are many and all with different IPs. I use complex usernames and passwords so I'm not concerned.

There are also many 404 detections for files in foreign languages within folders that don't exist on my site. One of those IPs was eventually blocked by my settings. Are these ones just normal attempts on the site or is there something further I should be doing about these in particular?

But the ones I'm most curious about are the attempts to access .pdf files and image files that were once on the domain's previous site before the redesign last year. I used redirects to redirect all still active pdf and image files to the new site. Normally, if it were just a handful of files trying to be accessed within a short period, I would say that it's just a normal user who has perhaps not updated their bookmarks. However, there are dozens of requests for these files over a 12 hour period, several times an hour from various IPs. All of them from the old site files. So I have a few questions about this scenario:
1) why are these files trying to be accessed if the site is no longer functioning? The domain is the same on the new site but the folder structure these files use no longer exists (it was a plain HTML site not WP).
2) do I need to add 301 redirects for these files to make these requests go away?
3) do all these 404s that I see in my logs hurt the site's SER? Is it normal to see this much activity on a fairly small, low activity site?

Thank you for any insight you can provide. I'm just trying to make sense of my logs.

  • Kasia Swiderska

    Hello Yvonne,

    1) why are these files trying to be accessed if the site is no longer functioning? The domain is the same on the new site but the folder structure these files use no longer exists (it was a plain HTML site not WP).

    That means that somewhere there are saved paths to those files - old sitemap maybe - and bots (because those hits are usually done by bots) and crawling those paths. There are many thousands of garbage sites that scrape and post links to attract users. It is a form of spamdexing. Sometimes these links only exist for a short period of time. Links like these often come from databases that have been passed around from previous scraping efforts so that old links will reemerge and new sites will crop up periodically. There is nothing you can do about it.

    2) do I need to add 301 redirects for these files to make these requests go away?

    It could help with 404 error, but it wont prevent from scanning your site - rather use IP blocking feature in Defender.

    3) do all these 404s that I see in my logs hurt the site's SER? Is it normal to see this much activity on a fairly small, low activity site?

    They will not hurt your SER, but they are wasting your resources (your server need to react in some way - WordPress uses own 404 page and that takes some resources to show).
    And those are bots - they are not checking if site is small or big, or popular - that goes automatically.

    Let me know if you have more questions.

    kind regards,
    Kasia

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.