How to Fix Common 404 Errors and Enhance WordPress Security

Have you come across an email from your Word Press site with these following types of 404 errors and found yourself baffled what to about it now?  If yes, then pay attention how you can go about fixing it in few simple methods.  One should note that it is impossible to fix 100% of the errors as the blog or your website actively keeps on updating with relevant content, to a large extent it is possible to reduce the errors and most importantly keep the bad actors trying to attempt to take over your website for any malicious reasons.   There is no dearth for such people in the world!

Here are few examples: 

• https://yourwebsite.com/maps/ss/k=maps.m.qTkC48dbKds.L.W.O
• https://yourwebsite.com/maps/js/k=maps.m.ru.eKOZDVJN_bw.2019.O
• https://yourwebsite.com/elfinder/connector
• https://yourwebsite.com/berlin.php
• https://yourwebsite.com/wp-content/plugins/wp-conflg.php
• https://yourwebsite.com/wp-content/plugins/awesome-coming-soon/come.php
• https://yourwebsite.com/wp-content/plugins/simple/simple.php
• https://yourwebsite.com/wp-content/plugins/not/includes/about.php
• https://yourwebsite.com/ee.php

It looks like your website is experiencing a range of 404 errors (page not found) across several URLs, and some of them are potentially linked to security or functionality issues. Here’s a step-by-step guide to fix these 404 errors and improve your site:

1. Reviewing Specific 404 Errors

Suspicious URLs and Patterns:

• Maps-related URLs (e.g., /maps/_/ss/k=maps.m.qTkC48dbKds.L.W.O/m=sc2,...)
• Admin/Configuration/Plugin URLs (e.g., /wp-content/plugins/wp-conflg.php, /wp-content/plugins/awesome-coming-soon/come.php, /wp-content/plugins/simple/simple.php)
• Unusual PHP files (e.g., /berlin.php, /ee.php, /autoload_classmap.php)

These might be related to:

• Broken links: Files that don’t exist anymore or are misspelled.
• Potential exploits: Some of these URLs, especially the ones pointing to PHP files in plugins or /wp-content/, look suspicious and may indicate malicious requests or old malware remnants.

2. Fixing and Redirecting URLs

• Fix Broken Links:

  • Check if these files (like /berlin.php, /ee.php, /wp-content/plugins/...) are intended to be part of your website.
  • If they are outdated or unused, remove them from your file system and update any internal links that point to these URLs.
  • If those files are needed, ensure that the URLs are correct and functional. If they were moved, set up 301 redirects from the old URLs to the new ones.

  Example for a redirect in .htaccess (Apache server):

  apache

  Copy code

  Redirect 301 /berlin.php https://proactivehomemakers.com/new-location

• Remove or Replace Suspicious URLs:

  • wp-conflg.php and similar plugin files might be related to compromised plugins or malware. Delete any suspicious PHP files (e.g., wp-conflg.php, awesome-coming-soon/come.php, simple/simple.php, etc.), especially if they are not part of your active plugins.
  • Backup your site before deleting any files, and scan your website for malware using a plugin like Wordfence, Sucuri Security, or MalCare.

• Redirect Known Malicious Files: If there are any malicious files, you can block access to them using .htaccess or server-level rules. For example:

  apache

  Copy code

  <Files "wp-conflg.php"> Order Deny,Allow Deny from all </Files>

• Fix Maps-Related Errors: The maps/_/ss/k=... URLs might be related to a map plugin or Google Maps integration that is malfunctioning. Check whether any maps-related functionality is broken on your site.

  • Verify the map plugin or code used, and ensure that the URLs are properly generated.
  • If the map is not needed, you might want to remove or disable the plugin or code that generates these URLs.

3. Check for Malware or Vulnerabilities

Files That Shouldn’t Be There:

Some of the 404 errors correspond to files that shouldn’t be present in a standard WordPress installation. These could be leftover or malicious files:

• Autoload Classmap: This is typically a file related to PHP autoloading used in frameworks like Laravel. If it’s in the wrong place (like /wp-content/), it may indicate a backdoor or malicious script.
• Admin.php and IXR/about.php: These are often targets for hackers trying to exploit vulnerabilities in older versions of WordPress or plugins.

Actions:

• Run a Full Malware Scan using a security plugin.
• Check for outdated plugins or themes that might be vulnerable. Update them immediately.
• Look for unauthorized users or admins in your WordPress dashboard.
• Update WordPress Core, Plugins, and Themes to their latest versions.

4. Check .htaccess Configuration and Permissions

• Ensure .htaccess is properly configured to prevent direct access to certain sensitive files (like wp-admin.php, autoload_classmap.php, etc.). A typical .htaccess to block malicious access might look like this:

  apache

  Copy code

  <FilesMatch "(wp-config.php|wp-login.php|wp-admin\.php|autoload_classmap\.php)"> Order Deny,Allow Deny from all </FilesMatch>

• File Permissions: Make sure your WordPress files have the correct file permissions. Here’s a basic guide:

  • Files: 644
  • Directories: 755

  Change permissions if necessary to prevent unauthorized access.

5. Fix Elementor and Font-Awesome Errors

• Swiper and Font Awesome Files: The 404 errors related to swiper-bundle.min.js.map and font files might be caused by a misconfigured Elementor setup. These are part of Elementor’s front-end design assets. If you’re seeing 404 errors for these files, try:
  • Reinstalling Elementor: This can fix any missing or corrupted assets.
  • Clear the cache: Both server-side and browser cache.
  • Regenerate CSS in Elementor (under Elementor > Tools > Regenerate CSS).
  • Check CDN: If you are using a CDN (like Cloudflare), ensure that it’s caching and serving files correctly.

6. Monitor and Block Malicious Traffic

If these errors are being triggered by bots or attackers, consider blocking access to specific IP addresses or using a Web Application Firewall (WAF) like Cloudflare to filter out malicious traffic before it hits your server.

7. Additional Recommendations:

• Enable 404 Logging: This can help track down where the requests are coming from and who is accessing these pages.
• Use Google Search Console: Check for crawling issues or broken links reported by Googlebot.
• Backup Your Site Regularly: Always keep regular backups, especially before making any changes.

Summary of Actions:

1. Check and remove broken or unnecessary files (especially those with suspicious names).
2. Set up 301 redirects for moved or changed pages.
3. Scan for malware and remove malicious files.
4. Ensure all plugins, themes, and WordPress itself are up to date.
5. Fix Elementor or Font Awesome file issues by reinstalling or regenerating CSS.
6. Harden your site by blocking unnecessary files and improving security.

By following these steps, you should be able to resolve the 404 errors and improve your website’s overall security and functionality.