WordPress.org

Ready to get started?Download WordPress

Forums

iThemes Security (formerly Better WP Security)
How can I have 154 bad login entries if I hid my login page? (9 posts)

  1. nununo
    Member
    Posted 1 year ago #

    Hi,

    I have recently installed BWPS.

    One of the things I did was to hide my login and admin pages.
    That was yesterday.
    Today I have 154 bad login entries with username admin.
    How can this be possible if the login page is now hidden?

    Thanks in advance,
    Nuno

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Handoko
    Member
    Posted 1 year ago #

    Hacking attempts. I'm sure, 100%. Me too have lots of such things.

    This plugin make all hacking attempts for login fail to login. But it keeps a log for you to see, analyze or take necessary actions (IP banning). This is how this plugin works.

    Now, we can see how useful this plugin is. Thanks to the author.

  3. nununo
    Member
    Posted 1 year ago #

    I see. So, I guess the plugin is smart enough to infer that those are login attempts even though they don't even get to see the login page. ok.

    Thanks!

  4. edradour
    Member
    Posted 1 year ago #

    You'll have to have a login page, even if it's your.url/login, and that's guessable.

    The thing you've done right is either make the admin password obscure, or, better, removed the admin user.

  5. Handoko
    Member
    Posted 1 year ago #

    Oops, I made a mistake. I said:
    "This plugin make all hacking attempts for login fail to login."

    I was wrong, the truth is:
    This plugin fails to hide some logins because some hackers have already know the secrets. There is a bug in this plugin.

    I thought this bug has been fixed, but it's not. This issue have been discussed many times. For more info, please read:
    http://wordpress.org/support/topic/plugin-better-wp-security-bypass-to-login-hide-or-hide-backend

    Things we can do for this issue:
    - Remove admin user (as suggested by edradour)
    - Use long and difficult to guess password
    - Manually block bad IPs
    - There is a quick (temporary) I suggested as in the link I give

  6. chetan0412
    Member
    Posted 1 year ago #

    how to know IP, means who is tying to login to as admin???

    n m getting problem like after trying more than 3 time(with admin username) hacker ip is not blocking,

    even i have installed "Who's Online" plugging in that not showing ip of hacker.

    hows its possible?

  7. nununo
    Member
    Posted 1 year ago #

    @Handoko: a bug... and do you know if this bug is solved or will be solved any time soon?

  8. Handoko
    Member
    Posted 1 year ago #

    @chetan0412

    To know the IP, you may:

    - Login to your cPanel, choose phpMyAdmin, select your database, then choose ??bwps_log table. That is the log with all details.

    - Login to your cPanel, choose Latest Visitors and select your database, you may use search filter to limit the result.

    - Use Adminer plugin if you don't want to access cPanel.

    @nununo

    So far as I know, this bug still not solved. I monitor this forum frequently, it seems the author of this plugin is busy preparing the release of version 4. Here you can read the info:
    http://wordpress.org/support/topic/suggestions-and-bwps-40

  9. nununo
    Member
    Posted 1 year ago #

    Thanks Handoko.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.