404 lockout detection

Hi @devksec,

Reading the iThemes Security 8.0 Brings New Design, Features post on iThemes blog is highly recommended.

You’ll find your answer in the Addition by Subtraction: Settings Removed in 8.0 section.

+++++ To prevent any confusion, I’m not iThemes +++++

Well that’s a massive shame, as once configured correctly it helped a lot against enumeration and other exploit attempts.

Does anyone know of any replacement plugins which do the same?

@devksec,

We agree with you 100%. A much needed feature that’s no longer available.

The reason for the removal — given in the link shared by @nlpro and shown below — makes no sense.

404 Detection

More often than not, the 404 Detection setting ended up locking out legitimate visitors to your site. On sites with lots of broken links, it could even end up blocking crawlers like Googlebot, which is a problem for SEO.

We used the 404 detection module successfully for many years with no “Googlebot” or “Bingbot” unintended lockouts. Also, if legitimate visitors are running into a lot of 404s when visiting our website, well, they are not legitimate. Legitimate user always navigate to our approved, posted links which are in our website menu.

We say, bring back not only the 404 Detection Module, but expand it to detect any type of error (e.g., 2XX, 3XX, 4XX, 5XX, etc.). It helps us determine the source of many illegitimate visitors, ill-intended visitor, and bad bots.

SiteGround Security (a fairly new security plugin) provides what you’re looking for (and us). It still has a few minor bugs that are affecting our website but they’re working on them now. As soon as they’re fixed, we’re switching back to it.

Cheers!

Totally agree with what has been said.

I do believe that the 404 lockout increases security since in the logs of all the websites you can see brute force scans of possible vulnerabilities.

Please @mmoore247 consider adding the functionality again.