What is a 404 page? A 404 page is actually an error message that displays for pages that don’t actually exist on a website. A 404 page usually reads “Page Not Found” but you can also find examples of funny 404 pages that have been customized to give website visitors a better experience.
In this post, we will look at why 404s can be a problem for website owners and how to fix them.
Why are 404 pages a problem for website owners?
Besides being a headache for website visitors, traffic to 404 pages can actually be an indication of something more nefarious. If you’re getting a bunch of people hitting 404 pages repeatedly, this might mean that it’s actually a bot looking for a vulnerability to exploit on your site, not a legitimate user searching for content.
How do I fix a 404 page?
There are several ways to fix a 404 page, including using a security plugin.
1. Solve with a WordPress Security Plugin
The iThemes Security plugin has a feature just to handle 404 pages. 404 Detection looks at a user who is hitting a large number of non-existent pages and getting a large number of 404 errors. It assumes that a user who hits a lot of 404 errors in a short period of time is scanning for something (presumably a vulnerability) and locks them out accordingly.
This also gives the added benefit of helping you find hidden problems causing 404 errors on unseen parts of your site as all errors will be logged in the View Logs page. After you enable the feature you’ll have several options to help tailor configure it.
Minutes to Remember 404 Error (Check Period)
The Minutes to Remember 404 Error feature allows you to determine when the system should forget that the user hit a 404 page. This means if a customer hits 20 404 pages (or the amount you have set in the Error Threshold setting) within the timeframe you set, they will be locked out.
Error Threshold
The numbers of errors (within the check period time frame) that will trigger a lockout. Set to zero (0) to record 404 errors without locking out users. This can be useful for troubleshooting content or other errors. The default is 20.
404 File/directory White List
Use the whitelist above to prevent recording common 404 errors. If you know a common file on your site is missing and you do not want it to count towards a lockout record it here. You must list the full path beginning with the “/”.
Ignored File Types
File types here will be recorded as 404s but not lead to a lockout.
2. Use 301 Redirects
To redirect individual pages on your website, you use 301 and 302 redirects. A 301 redirect is a permanent redirect, and a 302 redirect is a temporary redirect. These redirects tell the server to send traffic to the new location. They also tell website visitors and search engines where the content has moved. An easy way to do this is with .htaccess files.
.htaccess is a hidden file that is commonly located in your web site’s public_html folder. Your website’s .htaccess file may already contain important settings. If your .htaccess file has existing settings, add the new code to what is already there. Do not delete the existing .htaccess file unless it is empty or you are absolutely sure it is okay to delete.
If you’re having trouble with .htaccess settings, don’t hesitate to contact our Heroic Support team. Some customized settings might require your web developer, but we can help with many .htaccess questions.
To edit your .htaccess file, you will need to re-create the file yourself and upload it to the server using SFTP. Before making any changes to configuration files, we strongly recommend you make a backup of the file. Once you’ve decided what you want to add to your .htaccess file, follow these simple steps:
- 1. Log into your server via SFTP.
- 2. Locate and download your .htaccess file. It will usually be located in your content folder. If you don’t have a .htaccess file, you can create a file called .htaccess on your computer to hold your configurations.
- 3. Open the file via your favorite text editor
- 4. Add these lines to your file:
# enable basic rewriting RewriteEngine on
- 5. Then copy and paste your new configurations into the .htaccess file and save the file.
- 6. Upload this back to the directory you originally took your .htaccess file from.
- 7. Test your work by going to your website and viewing the pages you wanted to redirect.
Redirect Web Pages and Whole Websites to Solve 404s
To redirect individual pages on your website, you use 301 and 302 redirects. A 301 redirect is a permanent redirect, and a 302 redirect is a temporary redirect. These redirects tell the server to send traffic to the new location. They also tell website visitors and search engines where the content has moved.
Redirect 301 /old.html http://www.mysite.com/new.html
Replace /old.html with the directory path of your old page and http://www.mysite.com/new.html with the URL of your new page. This will send any visitors who want to access mysite.com/old.html to the page mysite.com/new.html.
You can also redirect a whole website this way.
Redirect 301 / http://www.mysite.com/
This approach is often used to change an existing domain to a new domain name.
404 Pages Solved
Using the methods above, hopefully you can solve the problem of 404 pages on your website.

Each week, the team at iThemes team publishes new WordPress tutorials and resources, including the Weekly WordPress Vulnerability Report. Since 2008, iThemes has been dedicated to helping you build, maintain, and secure WordPress sites for yourself or for clients. Our mission? Make People’s Lives Awesome.