WordPress.org


Stealth Login Page
[resolved] Did not help (10 posts)

  1. klartext-ne
    Member
    Posted 1 year ago #

    Hello, there are still some external logins. How is this possible? I did exactly what you wrote.

    http://wordpress.org/extend/plugins/stealth-login-page/

  2. Marcus Tibesar
    Member
    Posted 1 year ago #

    I'm confused as to how this plugin works.

    My site is a private website which requires ALL users to register and log in.

    Would this plugin prevent ALL users from logging in?

  3. ThemeMee
    Member
    Posted 1 year ago #

    Jesse,

    Thank you for creating the Stealth Login Page plugin! It seems to work when I test it. (And I SO want this to work!) However, after installing it, I still had someone get locked out by the "Limit Logins" plugin. From my (very) limited knowledge, that doesn't seem possible. WP 3.5.1

    Any thoughts or updates?

  4. gjefle
    Member
    Posted 1 year ago #

    Same thing here - I've installed Stealth Login, created a "secret" login page but Wordfence is still locking out invalid users, which I assume to be bad bots. What's going on?

  5. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    Everyone please look at your server logs. Line up the IP addresses of those offenders and see what paths they used. If they are already IP-logged from before, it's possible that the plugin is kicking them out before my plugin.

    I'm using this on sites with both of the login attempt plugins I mentioned with just 1 lockout today on my most-visited site for attempting "admin." I will check my logs if you check your logs.

  6. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    Here are two of mine and they don't make sense yet. I am investigating it with my fellow developers whom I trust to dig in with me.

    88.230.88.135 http://www.petersenmediagroup.com - [11/Apr/2013:21:44:55 +0000] "POST /wp-login.php HTTP/1.1" 302 3889 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)"
    88.230.88.135 http://www.petersenmediagroup.com - [11/Apr/2013:21:44:56 +0000] "POST /wp-login.php HTTP/1.1" 302 3889 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)"
    88.230.88.135 http://www.petersenmediagroup.com - [11/Apr/2013:22:21:01 +0000] "POST /wp-login.php HTTP/1.1" 302 3888 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)"
    88.230.88.135 http://www.petersenmediagroup.com - [11/Apr/2013:22:21:01 +0000] "POST /wp-login.php HTTP/1.1" 302 3938 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)"

    ------

    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:51:53 +0000] "GET / HTTP/1.1" 200 5675 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:51:53 +0000] "GET / HTTP/1.1" 200 5675 "http://www.petersenmediagroup.com/" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:51:53 +0000] "GET /wp-content/themes/minimum/images/logo-image.png HTTP/1.1" 200 3418 "http://www.petersenmediagroup.com/" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:51:57 +0000] "GET /wp-admin HTTP/1.1" 301 251 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:51:57 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:51:57 +0000] "GET /wp-login.php?redirect_to=http%3A%2F%2Fwww.petersenmediagroup.com%2Fwp-admin%2F&reauth=1 HTTP/1.1" 302 3026 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:52:01 +0000] "GET / HTTP/1.1" 200 5675 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:52:02 +0000] "GET / HTTP/1.1" 200 5675 "http://www.petersenmediagroup.com/" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:52:22 +0000] "POST /wp-login.php HTTP/1.1" 302 1576 "http://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:52:43 +0000] "POST /wp-login.php HTTP/1.1" 302 1576 "http://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:53:02 +0000] "POST /wp-login.php HTTP/1.1" 302 1575 "http://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:54:36 +0000] "POST /wp-login.php HTTP/1.1" 302 1600 "http://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"
    76.253.78.54 http://www.petersenmediagroup.com - [12/Apr/2013:02:55:13 +0000] "POST /wp-login.php HTTP/1.1" 302 1578 "http://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31"

  7. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    Brandon Kraft and I figured it out. It would appear that bots can attempt to POST the login form credentials via the address bar, never actually gaining access to the login page.

    This illustrates that it is still important to have a strong login and to continue to use login limiting plugins, so Stealth Login Page is one of a 3-prong approach.
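
The direct-POST pattern identified in the post above can be picked out of an access log. The following Python is an added example, not code from the thread or the plugin; it assumes the log layout quoted earlier in the thread, and the function name, the two counters and the sample lines (example.com, documentation IP ranges) are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Field layout of the log lines quoted in the thread:
# ip vhost - [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<vhost>\S+) \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)
LOGIN_PATH = "/wp-login.php"  # assumption: the login form is served from this path

def find_direct_login_posts(lines):
    """Count, per client IP, login POSTs that did not come from the site's own form."""
    fetched_form = set()  # IPs that requested the login form with GET
    findings = defaultdict(lambda: {"no_form_fetch": 0, "bad_referer": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or urlsplit(m["path"]).path != LOGIN_PATH:
            continue  # other log format, or not a login request
        ip = m["ip"]
        if m["method"] == "GET":
            fetched_form.add(ip)
        elif m["method"] == "POST":
            if ip not in fetched_form:
                findings[ip]["no_form_fetch"] += 1
            # Referer missing ("-") or pointing at a host other than this site
            if urlsplit(m["referer"]).hostname != urlsplit(m["vhost"]).hostname:
                findings[ip]["bad_referer"] += 1
    return {ip: dict(counts) for ip, counts in findings.items()}

def _line(ip, ts, request, referer):
    # Builds a constructed log line in the thread's format (not real traffic).
    return (f'{ip} http://www.example.com - [12/Apr/2013:{ts} +0000] '
            f'"{request} HTTP/1.1" 302 1576 "{referer}" "Mozilla/5.0"')

SAMPLE = [  # constructed sample data
    _line("192.0.2.10", "21:44:55", "POST /wp-login.php", "-"),
    _line("192.0.2.10", "21:44:56", "POST /wp-login.php", "-"),
    _line("198.51.100.7", "02:51:57", "GET /wp-login.php?reauth=1", "-"),
    _line("198.51.100.7", "02:52:22", "POST /wp-login.php",
          "http://www.example.com/wp-login.php?reauth=1"),
    _line("203.0.113.5", "03:00:01", "GET /wp-login.php", "-"),
    _line("203.0.113.5", "03:00:09", "POST /wp-login.php",
          "http://other.example.net/wp-login.php"),
]
```

Calling `find_direct_login_posts(SAMPLE)` reports the two clients whose POSTs lack a same-site form fetch or referer and omits the one that loaded the form first. A missing or off-site referer is a signal to correlate with lockout events, not proof of automation, since some clients and proxies strip the header.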

  8. ThemeMee
    Member
    Posted 1 year ago #

    OK, makes sense. Thanks for the effort and research. Appreciate your help in making the WordPress community more secure.

  9. Jesse Petersen
    Member
    Plugin Author

    Posted 1 year ago #

    It's my pleasure. I'm a stickler for security and wanted to share this beyond my own clients who are on my host.

    I will be working with some other developers to see if there is a way to kill that method entirely. Then it will be an ultimate security method.

  10. gjefle
    Member
    Posted 1 year ago #

    THANK YOU! I have to say, the day after installing your plugin, the number of alerts I received from Wordfence dropped dramatically. I'm glad you guys were able to figure out why there were still some sneaky little buggers trying to gnaw their way in - KUDOS to you guys!

Topic Closed

This topic has been closed to new replies.
