One of the tactics that hackers use is to fish for vulnerabilities. For example, you may see this in your logs:
https://mydomain.com/wp-content/plugins/gravityforms/css/formsmain.css
You may see that and say, "I don't have GravityForms installed." There is a known vulnerability in older versions of GravityForms that can be used by hackers to install malware. Seeing that in your log means that a hacker is checking to see if your website may have that vulnerability.
If you take note of the hacker's IP address and search the logs for other entries from the same IP address, the chances are good that you'll see other similar entries associated with other plugins with known vulnerabilities. It's time to block that IP address.
Probably the most popular tool for performing these tasks is Wordfence, a free WordPress plugin with an inexpensive premium option that allows your copy to access a global database of known hacker IP addresses.
Wordfence automatically logs all 404 errors. You can then examine the list and block the suspicious IP addresses.
Recent Comments