In
my last few posts I’ve pondered the issue of how insecure WordPress installations have become. Here’s an interesting thing to try if you run a Wordpress site; install the
404 to 301 plugin and in its settings check the “Email notifications” option and enter an email address in the “Email address” field. Now, whenever a nonexistent URL is requested, you’ll get notified and, at least for me, it’s been pretty interesting to see how hackers attempt to enter my WordPress installations.
I installed this plugin on one of my projects,
vaporregistry.org (it’s due for a major architectural refresh in the next few weeks), and I’ve been collecting these 404s, the majority of which are obvious hack attempts because they’re requests for resources that don’t exist on my site.
