Excessive requests for login.php by one ip address (10 posts)

  1. MikeHarrison
    Member
    Posted 2 years ago #

    How should I consider repeated (many) requests for my login.php page by one (foreign) ip address?

    Could this be just an innocent bot, or might it be a hacking attempt?

    What would be a means of preventing this?

    Thanks!

  2. Peter Wooster
    Member
    Posted 2 years ago #

    It sounds like a hacking attempt, especially if the IP is Russian or Chinese. Have you tried looking the url up on Google to see if it's a well known spammer?

    /peter

  3. MikeHarrison
    Member
    Posted 2 years ago #

    Thanks, Peter.

    This has happened twice. On this most recent incident (yesterday), I found the IP address to be apparently located in Thailand. My site stats tell me there are several referrals every day from Russia and China, but yesterday's incident - requests specifically for the login page - was made many, many times.

    I'm using the plugin 'Limit Login Attempts,' but it hasn't shown any actual lock-outs, so I guess what I'm seeing is just repeated accesses to the login page itself.

    In the interim, I've denied access by this IP address to the entire site with my htaccess file.

    Is there anything else/more I should be doing?

    Thanks!

  4. govpatel
    Member
    Posted 2 years ago #

    You can use Login LockDown; it locks the IP after a number of attempts (the default is set to 3 in 5 mins).

  5. Peter Wooster
    Member
    Posted 2 years ago #

    Locking the ip out using htaccess is a good idea.

    There are always a few of these. When I worked for a large financial firm, our site was written in Symfony and we got attempts at wp_login.php all the time, even though we didn't have a file by that name.

    /peter

  6. Pioneer Valley Web Design
    Member
    Posted 2 years ago #

    even though we didn't have a file by that name

    ...interesting thought!

  7. Peter Wooster
    Member
    Posted 2 years ago #

    I meant wp-login.php, but we didn't have wp* in the system as it wasn't WordPress. The hackers tried a lot of likely names, phpinfo.php was another favourite.

    /peter

  8. MikeHarrison
    Member
    Posted 2 years ago #

    @govpatel: Thank you! I just checked your suggested plugin, but I found it is apparently compatible only up to WP v2.84 (I'm at 3.1.4).

    And, again, the IP address in question has only accessed the login page (numerous times), but they apparently have not yet attempted to log in.

    I'm willing to bet that - by now - the would-be hacker would have attempted to access using a different IP address. I won't know until I receive my site stats tomorrow morning.

    Thanks everyone. Your help is very much appreciated!

  9. govpatel
    Member
    Posted 2 years ago #

    I am using the plugin on Version 3.3.1

  10. Try http://wordpress.org/extend/plugins/limit-login-attempts/ That will stop multiple hits from any IP.
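
An added example, not part of the original thread: one way to check an access log for the pattern discussed above, flagging any IP with many login-page requests in a short window and separating plain page fetches (GET) from submitted login forms (POST). The combined log format, the 5-hits-in-5-minutes threshold, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx "combined" access-log format (assumed; adjust to your server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATHS = ("/wp-login.php", "/login.php")  # file names mentioned in the thread

def login_hits(lines):
    """Yield (ip, timestamp, method) for every request to a login page."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash
        path = m["path"].split("?", 1)[0]
        if path.endswith(LOGIN_PATHS):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["method"]

def flag_ips(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: verdict} for IPs with >= threshold login hits inside any window."""
    per_ip = defaultdict(list)
    for ip, ts, method in login_hits(lines):
        per_ip[ip].append((ts, method))
    flagged = {}
    for ip, hits in per_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                posts = sum(1 for _, meth in hits if meth == "POST")
                flagged[ip] = "credential attempts" if posts else "page requests only"
                break
    return flagged

def sample_log():
    """Constructed sample lines (documentation IP ranges), not data from the thread."""
    fmt = '{ip} - - [12/Mar/2012:10:{m:02d}:{s:02d} +0000] "{meth} /wp-login.php HTTP/1.1" 200 2048 "-" "-"'
    rows = [fmt.format(ip="203.0.113.7", m=0, s=i * 10, meth="GET") for i in range(6)]
    rows += [fmt.format(ip="198.51.100.23", m=1, s=i * 5, meth="POST") for i in range(8)]
    rows += [fmt.format(ip="192.0.2.10", m=i * 9, s=0, meth="GET") for i in range(5)]  # slow, stays under threshold
    return rows + ["garbage line"]  # malformed line is skipped

if __name__ == "__main__":
    print(flag_ips(sample_log()))
```

An IP reported as "page requests only" is requesting the login page without submitting the form, which matches the case in the thread where the login-limiting plugin showed no lock-outs.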

This topic has been closed to new replies.