WordPress.org

Ready to get started?Download WordPress

Forums

Rename wp-login.php
Failed After 1 Day (9 posts)

  1. AME Network
    Member
    Posted 3 months ago #

    Hi Janneke,

    Like many WP users, we're trying everything we can to stop brute force login attempts (we run a lot of WP sites). We were already using the Limit Login Attempts plugin, which helps but doesn't prevent these attacks, before finding yours. We tried your plugin on a couple of sites, where we cleared the previous login attempts list in LLA to 0. After one day having moved the login URL with your plugin, there have already been botnets that have found the new URL. VERY disappointing. Thought you would want to know.

    BTW, does anyone know how to *permanently* block IPs from any access?

    Thanks,

    AME Network

    https://wordpress.org/plugins/rename-wp-login/

  2. Janneke Van Dorpe
    Member
    Plugin Author

    Posted 3 months ago #

    Hi,

    Could you give a bit more information please? What are you renaming wp-login.php to? login? If so, of course they'll find it, many try login as it normally redirects to wp-login.php.

    If not, I'm up for investigating it on one of your sites.

    This plugin is installed on a website which had a few thousand attacks per month, and since then theres's not been a single lock out from Limit Login Attempts.

  3. AME Network
    Member
    Posted 3 months ago #

    Of course we did not rename it to *login* -- that would be pretty dumb (even though that's what you have the default set to, so many might mistakenly think that is what you suggest). How to you propose to investigate? And, thanks for the quick response!

  4. AME Network
    Member
    Posted 3 months ago #

    Hi Janneke,

    To further test this, we installed your plugin on a third site yesterday that has had a lot of LLA lockouts. Nothing so far, and the two sites we mentioned each had one lockout right after the URL change. It might be that these occurred pretty much simultaneous with the change, and so showed up later in the LLA logs. We'll continue to monitor these sites this week and let you know if there are any more lockouts. Hopefully not, and that would be wonderful. BTW, we really would recommend that you change the default value in the URL switcher to something other than *login*.

    Thanks again.

    AME Network

  5. Janneke Van Dorpe
    Member
    Plugin Author

    Posted 3 months ago #

    Thanks for testing this. Do let me know!

    The default is 'login' because that's what most people want it to be. Usually people rename wp-login.php for aesthetic reasons, not because of attacks.

  6. AME Network
    Member
    Posted 3 months ago #

    You're welcome, and we'll keep you posted.

    Maybe you should include a simple instruction not to use 'login' if they want it to be more secure? Just a thought. Cheers!

  7. AME Network
    Member
    Posted 3 months ago #

    Hi Janneke,

    Well there's good news and not so good. The good is that two of the sites we're running your plugin on have not had further lockout activity. The not so good is that one of the sites has three new lockouts from the same source. How would you suggest we investigate this? Thanks.

    AME Network

  8. AME Network
    Member
    Posted 3 months ago #

    Ok, well thanks anyway. We'll report here if there are additional issues in any case. Take care.

    AME Network

  9. thenightrider
    Member
    Posted 1 month ago #

    I found and installed the plugin not for aesthetic reasons, but solely to try to prevent login attempts (which has been defeated - bummer - see my post "Failed After 13 Days"). Just a datapoint for your list of why people install your plugin. I'm slightly surprised that people would think that ../wp.login.php or ../wp-admin is so aesthetically unpleasant - because it's just another URL, but all of us have different aesthetic sensibilities. Maybe that's why you originally wrote the plugin? Best regards and thanks for the plugin.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.