[Plugin: Better WP Security] Better WP Blocking GoogleBot!

I have the same problem: This plugin blocks googlebots, and I never turned on Filter Request Methods. Besides that, after clicking on menu items I get blank pages with ‘error’ in the left corner. Deactivating this plugins was the only way to get back to the backend after logging in again.
I am so sorry…this plugin seemed to be what I really need. Security and backup in one plugin. But it gives me and my clients much stress…

It sounds your issue is 404 errors.

Goto menu > Security > View Logs. You need to examine the 404 errors. I can think a very possible cause is, one of your plugin or theme is not properly written, it generate lots of 404 errors when visitor visits your page, so you or Google being blocked.

Goto menu > Security > Intrusion Detection. You may need to set a higher value for the Error Threshold, or perhaps totally disable the Enable 404 Detection.

Actually, too many 404 errors can mean you’re under hacking attacks. This Better WP Security will try to block the attempts and show an ‘error’ message. But sometimes it can be happen due to not properly written plugins or theme, or wrong settings (permalinks for example).

@handoko – I don’t normally butt in, but I see you saying this over and over in several different Threads – “I can think a very possible cause is, one of your plugin or theme is not properly written, it generate lots of 404 errors”. I think that this is a bit misleading for folks.

404 errors are a completely normal thing that occur with any website. You are always going to have 404 errors from time to time. The most common cause of 404 errors is that some other website that has created a “bad” link to your website, which is causing the unintentional 404 errors. Yes, you are correct about malicious/intentional 404 errors created to cause problems for another website, but the majority of 404 errors are just someone making a mistake.

If someone moved a post or page and it is not automatically being handled already by WordPress then the site owner should create a RedirectMatch 301 htacess rule so that the 404 errors no longer occur.

Examples:
RedirectMatch 301 ^/old-category/my-old-post$ /new-category/my-new-post$1

subfolder redirect
RedirectMatch 301 ^/website-folder-name/tag/403$ https://www.example.com/website-folder-name/

root site redirect
RedirectMatch 301 ^/tag/best-wordpress$ https://www.example.com/

Okay, perhaps I use the wrong words, I admit. I’m sorry.

As you said, majority of 404 errors are just someone making a mistake. The possibility are:

– The webmaster, move/delete a post/page. Or change the settings but without update (for example, using caching plugin you may need to clear the cache)
– The plugin/theme writer hardcoded wp-content directory, so 404 errors may happens if you change it
– The plugin/theme writer request a file (usually image) that is really not exist.

I have some experiences, saw 404 errors that a plugin requesting a file that was not exist, and in other case it requesting a hardcoded wp-content directory. I contacted the authors using support forum, and yes, they fix them.

404 errors are a completely normal thing that occur with any website.
Yes, but if the user configures things properly and the authors being more careful writing the code, it should not happen. Except hacking attempts, trying to scan website’s vulnerability (like timthumb).

I’m not a security expert. I’m not try to defend myself. I do know the words I used might be a bit misleading. English is not my native language. I will more careful next time. Thanks for warning me.

I was just concerned that folks would think that all 404 errors come from plugins and themes. Yep your are right that some definitely do come from plugins and themes, but most of them come from external sources. Like another website is linking to an old link on a site or just created a bad link to a site. So I was just pointing that out. I hope I did not offend you. That was not my intention. Just wanted to make sure folks are getting all the info regarding 404 errors. ??

I recently spent a month of ongoing cleanup of 404 errors because some site (no names) was grabbing my site URLs for the purpose of stats and ranking postings, but that sites code was fubar and was mixing up the URL’s with different sites. Had to clean up over 4,000 404 errors over a month. Grrr.

I didn’t feel being offended. When I typed about plugin/theme authors could be the possibility, I really thought it could be misleading. It sounds like the authors are to be blamed. I really didn’t mean so, I just want to suggest users to contact the authors as what I did, so the result: the better codes.

Perhaps, I’m lacking experiences. Most of my 404 errors (except from hackers) are hardcoded wp-content, I changed my content directory. I ever deleted a post, I saw Google keep coming back every several weeks for it. So now, I won’t delete or rename any post/page. That’s why this kind of 404 errors (deleted/moved links) are very seldom on my sites.

Thanks for pointing it out.

We all here just want to share experiences hope can be useful for others. You did good jobs, your plugins are great. I ever thought to use it, but I prefer this Better WP Security. You mentioned BulletProof Security can work harmonious with Better WP Security, that’s great unfortunately I don’t want to install to many plugins which my slowdown or consume lots of my server resources.

Ok good I thought I might have offended you. Thanks for letting me know I did not. ??

Thank you both Handoko and AITpro for sharing your knowledge. I use the plugin on multiple websites. I had this problem on 1 website; the blank pages with the little word ‘error’ in the left corner and the issue; Googlebot blocked.
On this particular website I had also installed the plugin Google XML Sitemaps. Do you guys think that this causes a conflict?

My suggestions are:

– Whitelist Googlebot immediately. Goto menu > Security > Instrution Detection > 404 White List > put the IPs there. You may need use this link to check who is the IP:
https://www.projecthoneypot.org/search_ip.php

– If you see the word ‘error’, it can mean your IP has been blocked. You may need to (temporary) disable Blacklist Repeat Offender before you’re banned from your website. Goto menu > Security > Instrution Detection > disable Blacklist Repeat Offender.

– Do you use any caching plugin? Empty all the caches. We should always empty the caches after changing configurations, install/activate/deactivate plugin.

– Did you recently move your website to another webhost? Or did just rename or delete any post/page? These may cause 404 errors because someone (or Google) may have link to the missing URL.

– Did you change your wp-content directory (menu > Security > Content Directory)? This may cause 404 errors. You need to examine your logs to see if it your issue.

– Examine your logs, goto menu > Security > View Logs. You need to study the pattern. What IPs appear most frequently? Where did they came from? What were they requesting? Are they human, crawlers or bots? Use ProjectHoneyPot to check:
https://www.projecthoneypot.org/search_ip.php

– If the IPs are bad (can be checked using ProjectHoneyPot), you may need to ban it. Goto menu > Security > Ban Users > Enable Banned Users and put the IPs in Ban Hosts.

– Apple device users can cause 404 error. Are apple-touch-icon being mentioned in your log?

It’s hard to say what is the cause of your problem without examine your logs. It might be intrusion attacks from hackers or only a simple mistake which is nothing to worry. Recently, I did see bad bots faking tobe GoogleBots using IP spoofing technique.

I use Google XML Sitemaps too, have no problem working with Better WP Security.

Thank you for your comprehensive manual!

Sorry, it took a while before I dared to install the plugin WP Better again.
Unfortunately, now I have the same problem on a second website: white page with ‘ error ‘ in the top left corner.

I’ve looked at the Logs and put my own IP address on the White list. But it seems to me it is not intended to put IP addresses of Google bots on the White list… I can’t find them and moreover, I think they change all the time.

Yes, in my log ‘apple-touch-icon’ was being mentioned, but what should I do about that? It is quiet a job to keep an eye on all the bad IP addresses and to put them on a black list manually…

I do not use a Cache plugin.
Where can I clean up any Cache?

On this second website I never used Google XML Sitemaps, so fyi this plugin is not causing any problems in combination with Better WP Security.

For the issue of “white page with error”, you can find more info here:
https://www.ads-software.com/support/topic/site-eror

For apple-touch-icon issue, read here:
https://www.ads-software.com/support/topic/receiving-so-many-site-lockout-notifications

Normally you don’t need to whitelist GoogleBots. You may need to do it if your website is having too many 404 errors. Having too many 404 errors may mean there is something wrong in your website, you should inspect and fix it. So whitelisting GoogleBots is not the best thing do do, but a quick temporary fix to avoid Google being banned from your website.

If you don’t use cache plugin, you don’t need to do any cache cleaning. Almost all caching plugins do have a button for user to empty the cache.

it took a while before I dared to install the plugin WP Better again.
You may need these info:
https://www.ads-software.com/support/topic/it-seems-very-risky-to-use-this-plugin

Hi,

First of all this is a really cool plugin. I have been getting the Googlebot IPs locked out as well. On lookup it seems this is a real google ip being blocked – 66.249.75.146.

My setup is a copy of my site on a test acct., with a real domain pointed to it for accurate testing and dns config testing. I also have the WP install set to “Discourage search engines from indexing this site”. Not sure if that settibng would come into play at all but I thought I would mention it.

Once I can configure this plugin such that it will not interfere with googlebot I will use it. Is adding IPs to a white list the only mechanism besides disabling this feature?

Thanks.

Sorry, I’m not very understand, English is not my native language.

You said you have a copy site for testing purpose, with a real domain pointed to it.

– Why a real domain pointed to a test site
– Why Googlebot visits you test site, even you have discourage the visits
– Why you care Googlebot being lockout from your test site

I personally think, for testing purposes you should not let any real domain (or webiste) pointing to the test sites. Because it may invite Google and others to crawl your page.

If you have turned on “Discourage …”, Google should not visit the site. But if Google really visited your test site, you no need to care Google being blocked (locked out) from the test sites. Because if it really crawls the pages, it may have duplicate content problems (you said it is a copy of the ‘real’ site).

Hi,

Thanks for the response. Ahh the domain is disabled now and we use IP. The domain was needed for some complex DNS setup that we had to mimic and test in a test environment. That has been disabled so no worries.

The only question I have is this –

Is the white list the only way to allow the googlebot IP? I do not want to enable this plugin on my live site if this may happen. What if google bot gets a new IP? How will the plugin add it to the white list?

I ask my question because I want to know the answer BEFORE I use this plugin on the live site. I think that is the obvious way to approach this.

Whitlisting is the only way I know to prevent Google from being blocked by this plugin. To do it: goto menu > Security > Intrusion Detection > 404 White List, put the IPs there.

You might consider to totally disable the 404 Detection, so it won’t block Google and also other crawlers. To do it: goto menu > Security > Intrusion Detection > disable the Enable 404 Detection. But the problem is, by doing so, you will be less protected.

There are the IPs of crawlers ever touched my sites:
– 157.55.32.107 Bingbot
– 157.55.33.44 Bingbot
– 157.55.34.183 Bingbot
– 65.55.52.95 Bingbot
– 65.55.52.113 Bingbot
– 65.55.213.192 Bingbot
– 66.249.73.144 Googlebot
– 66.249.76.1 Googlebot
– 66.249.76.5 Googlebot
– 66.249.76.201 Googlebot

For make things easier, you can use wildcard (*), for example:
66.249.76.*

Some note:
Normally, Google should not being blocked or locked out from your websites. If it happens, you should check what causes it. Simply whitelisting it is the quick solution but not the best thing to do.