When two plugins are working on the same part of WordPress, there can be some incompatibilities — since the plugin you mentioned replaces 404’s with 301 redirects, it probably does that before Wordfence would normally count the 404’s. Wordfence would need the 404’s to actually show the user a 404 page, to be able to process them.
If your site often gets requests like that (if you’re being targeted more than some others), you could use the “If a crawler’s page views exceed” or “If anyone’s requests exceed” firewall option to limit visits based on how many pages they request — I think this should work in your case still, since that portion of Wordfence runs earlier, but it depends on how the other plugin works. I would start with a fairly high limit, so real crawlers don’t get blocked inadvertently.
You might also want to set “Maximum email alerts to send per hour” to a fairly small number, so you don’t get overloaded with Wordfence emails instead. If the attack was all from one IP, you shouldn’t get a ton of duplicates, but it will be better to have the limit in case they change tactics.
-Matt R
Thread Starter
stefhz
(@stefhz)
Hi Matt – Thanks for the detailed response. Since 404 errors is one of those issues every admin and web designer needs to take care of (to keep Google et al. happy – and the clients), I wonder how else a custom 404 page could be integrated via WordFence if not via a plugin.
One thing I learned over the many years doing this, is to NOT rely on uncertainties, and while the settings you suggest are great, they leave quite some room for uncertain behavior. So I am looking for a way to make this solid and work reliably (peace of mind).
What I like about the 404 plugin is its functionality:
1) custom 404 page
2) notifications (for immediate reaction)
3) log of all 404 events in a db table, i.e., can be extracted and used for analysis
I did not see any way that can be done with WordFence – is there?
Right, Wordfence does not provide custom 404 pages or notifications for each hit, and it sounds like the 404 plugin you are using should be good for the purpose you need.
The rest of Wordfence’s features should work fine with the 404-to-301 plugin, but since the other plugin is actually changing the server’s response before Wordfence gets a chance to log it (and block it if there are too many), I don’t think there is any way to use both features together.
I understand the benefit of using the redirects for this purpose though. I took a quick look at the plugin — I’m not sure if this helps, but if you were to make a custom 404.php in your theme (or child theme) to display the content you want visitors to see, and disable the redirects in the 404 plugin’s options, it looks like you could still get the notifications and logs. (I know Google would still see the 404’s that way, but that can also help them stop indexing bad/old links, while the custom 404.php template will give your users the same experience as the redirect.)
-Matt R
Thread Starter
stefhz
(@stefhz)
Thanks for the suggestion and the effort! Very much appreciated.
Will definitely have a look at all this.
In an ideal world, I guess there would be a coexistence of plugins, where one (WordFence) would be the master and integrate others (e.g., 404 plugins) and handover the event to any configured plugin… but I guess that’s one thing WordPress is not designed to do, or leaves up to the plugin dev community…
Thanks again for your efforts! You rock!
Thanks for the feedback! And yes, the community is very open, so it does often lead to conflicts between the parts of various plugins — sometimes it’s amazing how many of them still do work well together.
-Matt R
