Keeping track of 404 Events on the WordPress Website

Many common HTTP errors have numbers associated with them. The most common of all HTTP errors is the 404. And techy or not you have probably heard of it, or at least stumbled across one in your web travels.

Essentially the 404 triggers when a visitor attempts to visit a page on a web site that doesn’t exist. Many web masters (or content management system developers) often implement methods to handle a 404 elegantly. Some are very clever with their actions of the 404, by creating memorable “404 error” pages, making the 404 a household name.

Now, in general, the 404 is a seemingly innocent error. Mis-type a URL or follow an outdated link, and a 404 is the result. So why would you want to monitor for 404′s on your website?

As mentioned, 404s will happen… hopefully not too often on a well maintained site, but they will happen, and in general it is perfectly OK. But when several 404s occur in a short time span from the same visitor, he or she may be up to no good.

Perhaps this “404 generator” is guessing at a URL for a login page, or perhaps they are looking for hidden content. Whatever the case, if there isn’t a public URL to the page they are “guessing” the URL of, odds are their behavior is of the malicious type.

So… why not block these folks? … even if just temporarily.

Well, there’s a feature of the All-in-One Security and Firewall plugin for WordPress that will allow you to do just that. All 404 events can be detected and logged, and if something seems suspicious, the culprit can be locked out for a while.

Video Tutorial

Follow along in the video to setup this feature. Note: in the video, the plugin is already installed.