My custom 404 page does not work
When you configure how WP Cerber blocks unauthorized access to the default login page and your WordPress dashboard, you can select how to render the 404 pages for those locations. It can be either a simple, plain 404 page or a custom 404 page styled and rendered by the active theme or even a visual WordPress page builder.
Unfortunately, not all 404 pages generated by visual page builders are compatible with WP Cerber. In such cases, the only option you have is to select “Display simple 404 page”. This page is not elegant as it could be in case of rendering it by your theme, but in the vast majority cases, WP Cerber renders 404 pages for bots and cybercriminals when they try to access to prohibited areas on your website. With proper website navigation and menus in place, your customers and website visitors never see this 404 page or see it on a rare occasion.
Why the simple 404 page is better
Using a basic 404 page is a better option in terms of performance. When it comes to rendering a fancy 404 page for an occasionally lost visitor, it does not consume a lot of server resources, since visitors do not get lost all the time.
We have a different situation when we come across a hacker attack with numerous unauthorized and malicious requests. For instance, a brute-force or a DoS attack. For each of those requests, WP Cerber loads your active WordPress theme and, in some cases, a visual page builder just to render a fancy 404 page to be shown to cybercriminals or bots. Those attempts to break into your website can easily bring your web server down to its knees.
Another advantage of using simple 404 pages is better security because it makes it harder for attackers to retrieve information on what exactly software and security mechanisms are used on the website and how to bypass them in a less complicated way.
That’s why for all our web projects, we configure WP Cerber to use a simple 404 page.