I see weird ‘security’ or login attempt errors on my site?

ANSWER: Either with the free PHP Error Log widget we setup for our clients or within a third party plugin or dashboard such as Sucuri, WordFence, or etc you may occasionally see weird errors that don’t make sense. For example, it may say 404 Error for a certain CSS or TXT file for a theme or plugin that your site doesn’t even have, or it may say there are failed login attempts (etc) even though you haven’t been trying to login.

In summary, these are usually bots from hacking teams or other “bad” players that are testing thousands of WordPress websites across the internet to see if they have any security breeches, esp. in regard to themes or plugins their hacking team has determined are very insecure.

Because LittleBizzy servers have built in protection for brute force login attempts, along with DDOS protection via CloudFlare, along with locked down security settings within our Nginx and PHP-FPM configurations, there is very little you need to worry about. In fact we don’t recommend installing security plugins because they can slow down your website and don’t actually prevent most attacks from happening (instead, they usually warn you after the attack has taken place).

In addition, whether we maintained PHP Error Logs or not, those “fake” login attempts from bots would happen regardless. Again, unless these are happening like in the hundreds or thousands per day on your server, it’s usually nothing to be worried about. This is because anytime a brute force robot tries to login to our site more than once or twice they will usually see a CloudFlare 520 error page due to the 444 errors our Nginx configuration display as part of the login throttling we setup for our customers (which limits logins to less than one time per second).

More information:

520 CloudFlare error on WordPress login page?

Which security plugin(s) do you recommend?

Last modified:  28 Jul, 2016