In a Google Office Hours podcast, Google’s Gary Illyes answered a question about 404 Page Not Found errors that coincided with a drop in rankings.
Fake External 404 Errors
There are probably many reasons for 404 errors created by bots. One reason for those error responses could be that they are originating from automated scanners that are looking for files or folders that are typical for specific vulnerable plugins or themes.
Checking the the IP address and user agent of the bot that’s causing the 404 server error responses can also yield clues if those 404 responses are from automated scanning bots. If the IP address indicates it’s originating from a web host, or a Russian or Chinese IP address then it’s probably a hacker. If the user agent is an out of date version of Chrome or Firefox then that’s probably a hacker’s bot, too. That’s just one reason out of many.
Google Answers The Question
The person asking the question correlated a drop in rankings with 404 Page Not Found server responses.
This is the question that was asked:
“False 404 URLs hitting my website from external source, could this be related to ranking drop? What can I do to fix it?”
Google’s Gary Illyes responded:
“Fake 404s that Googlebot might’ve crawled cannot be reasonably attributed to a ranking drop. It’s normal to have any number of 404s on a site and you don’t have to fix them, though if you see in your analytics software that a larger number of actual users are also coming through those 404 URLs, I would personally try to convert them somehow by, for example, showing them some relevant content instead.”
Ranking Drops And 404 Page Not Found
Gary said that 404s are normal and unlikely to cause a drop in search rankings. It’s true that 404 errors are a common occurrence. In general that’s okay and most of the time there’s no need to fix anything.
404s That Are Generated By Actual Users
There are other cases where 404s are created by real people who are following a link from somewhere and getting a Page Not Found response. This is easy to diagnose by checking if the URL the site visitors are trying to reach closely resembles an actual URL. That’s an indication that someone misspelled a URL and the way to fix that is by creating a redirect from the misspelled URL to the correct one.
About The Drop In Rankings
Something that Gary didn’t mention but is worth mentioning is that there may be a small possibility that a bot did find a vulnerability and the 404s were caused by a scanner that was scanning for vulnerabilities before eventually finding one.
One way to check for that is to use phpMyAdmin, a server app, to view your database tables in the section for users and see if there’s an unrecognized user.
Another way, if the site is hosted on WordPress, is to use a security plugin to scan the site to see if it’s using a vulnerable theme or plugin.
Jetpack Protect is a free vulnerability scanner that’s created by the developers at Automattic. It won’t fix a vulnerability but it will warn a user if it finds plugin or theme related vulnerabilities. The paid premium version offers more protection.
Other trustworthy WordPress security plugins are Sucuri and Wordfence, both of which do different things and are available in free and premium versions.
But if that’s not the case then the ranking drops are pure coincidence and the real reasons lie elswhere.
Listen to the question and answer at 12:27 minute mark of the Office Hours podcast:
[embedded content]
Featured Image by Shutterstock/Asier Romero