• Resolved wordpresser

    (@mohammedays)


    Hello there, I hope everyone is fine. While monitoring 404 errors using the Redirection plugin, I found a couple of errors, and I do not know if they are OK to leave or should be fixed. The list is as follows:

    /?author=1
    /admin.php
    /simple.php
    /phpmailer.lang-sv.php
    /.env
    /class_api.php
    /wp-includes/SimplePie/about.php
    /chosen.php
    /wp-add.php?a=c
    /wp-content/themes/travel/issue.php
    /.well-known/acme-challenge/atomlib.php
    /adminfuns.php
    /wp-admin/js/widgets/sgd.php

    Thank you so much.

  • Lina Asenova

    (@linaasenova)

    It’s good that these requests are returning 404s, as these files should not be directly accessible via the web. You may also want to check where these requests are actually coming from, as they could be generated by a plugin or another external source.

    Thread Starter wordpresser

    (@mohammedays)

    @linaasenova thank you so much for the reply.

    I am using Yoast and W3 Total Cache; do you think they are the ones generating these errors?

    There is an option in W3 Total Cache that says “Do not process 404 errors for static objects with WordPress.”

    Reduce server load by allowing the web server to handle 404 (not found) errors for static files (images etc).

    If enabled – you may get 404 File Not Found response for some files generated on-the-fly by WordPress plugins. You may add those file URIs to 404 error exception list below to avoid that.

    Also, Yoast is used to help index pages and all that; do you think it might be the reason behind these errors?

    Thank you.

    jarnovos

    (@jarnovos)

    Hi @mohammedays,

    It looks like these 404 errors are being triggered by automated scanning tools/bots. They are attempting to scan your site for vulnerable parts to exploit, and searching for configuration files that might contain sensitive data (as evidenced by the request to /.env).

    To further illustrate the potentially malicious nature of these requests: the request to /?author=1 is an attempt to enumerate the username of a WordPress Account on your site by trying author IDs (ID 1 is typically the Administrator). Requests such as /admin.php, /simple.php are attempts to find admin interfaces on your site.

    This is why your monitoring plugin reports “404 Not Found” errors on those pages, as these bots are requesting pages that do not exist on your site; thereby triggering various 404’s in the process.

    You can consider using a security plugin for WordPress to detect such malicious traffic, and block them from accessing your site.

    I hope this helps to clarify the behavior you’re experiencing.
    Kind regards, Jarno

    Thread Starter wordpresser

    (@mohammedays)

    @jarnovos Thank you so much for the very helpful and informative reply. I am using Cloudflare; is there a way to solve this or protect the site using Cloudflare? Bot Fight Mode is enabled already. Is the website still at risk?

    These requests may indeed be generated by bots scanning for vulnerabilities or by plugins handling caching and SEO. You can check the server access logs to pinpoint their exact origin.

    Since the files are returning 404 errors and are not accessible, everything is functioning as expected, so I don’t think any changes are necessary at this point.
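
Added example (not part of the thread, and not code from any plugin mentioned in it): one way to do the access-log check suggested above, grouping probe-like 404s by client address. It assumes the web server writes Combined Log Format; the label names, the `min_hits` threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Directories where a direct request for an unknown .php file is not normal browsing.
WP_DIRS = ("/wp-content/", "/wp-includes/", "/wp-admin/js/", "/.well-known/")

def classify(target):
    """Label a request target that looks like the probes listed in the thread, else None."""
    parts = urlsplit(target)
    path = parts.path.lower()
    if path in ("", "/") and "author" in parse_qs(parts.query):
        return "author-enumeration"          # e.g. /?author=1
    if path.rsplit("/", 1)[-1].startswith(".env"):
        return "config-file"                 # e.g. /.env
    if path.endswith(".php"):
        if path.startswith(WP_DIRS):
            return "php-in-wp-dir"           # e.g. /wp-includes/SimplePie/about.php
        if path.count("/") == 1:
            return "root-php-guess"          # e.g. /admin.php, /wp-add.php?a=c
    return None

def probe_sources(lines, min_hits=3):
    """Map client address -> [(label, target)] for addresses with >= min_hits probe 404s."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue                         # unparsable line or not a 404
        label = classify(m["target"])
        if label:
            hits[m["ip"]].append((label, m["target"]))
    return {ip: found for ip, found in hits.items() if len(found) >= min_hits}

# Constructed sample lines (documentation address ranges, made-up agents).
T = "[01/Jan/2025:10:00:00 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {T} "GET /?author=1 HTTP/1.1" 404 512 "-" "constructed-agent"',
    f'203.0.113.7 - - {T} "GET /.env HTTP/1.1" 404 512 "-" "constructed-agent"',
    f'203.0.113.7 - - {T} "GET /wp-includes/SimplePie/about.php HTTP/1.1" 404 512 "-" "constructed-agent"',
    f'203.0.113.7 - - {T} "GET /admin.php HTTP/1.1" 404 512 "-" "constructed-agent"',
    f'198.51.100.20 - - {T} "GET /old-post/ HTTP/1.1" 404 512 "https://example.com/" "Mozilla/5.0"',
    f'198.51.100.20 - - {T} "GET /wp-login.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, found in probe_sources(SAMPLE).items():
        print(ip, sorted({label for label, _ in found}))
```

Behind a proxy such as Cloudflare, the logged address is the proxy's unless the web server is set up to record the visitor address, so confirm that before reading anything into the grouping.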

    Thread Starter wordpresser

    (@mohammedays)

    @linaasenova great thanks for the answer, we will just ignore it for now since it is not causing any issue whatsoever.
