Can Brute Force Attack Figure Out Wp Login URL After It’s Been Changed? | WordPress.org

Christopher Panny
(@cpcreativestudio)

3 years, 11 months ago
If the wp admin login URL is changed (via plugin), can a bot or hacker figure out the new URL by using a method similar to a brute force attack?
- This topic was modified 3 years, 11 months ago by Christopher Panny.

Viewing 3 replies - 1 through 3 (of 3 total)

Liew Cheon-Fong
(@lcf)

3 years, 11 months ago

There are other ways to brute force attack, such as xml-rpc, WP JSON API

changing login url reduces the brute force attack attempts from lazy bot/hacker but it is not a login protection.

Thread Starter Christopher Panny
(@cpcreativestudio)

3 years, 11 months ago

So is there a way to put a cap on how many times a bot/hacker can try searching for the login page?

Moderator Jan Dembowski
(@jdembowski)

Forum Moderator and Brute Squad

3 years, 11 months ago

Moved to Fixing WordPress, this is not an Everything else WordPress topic.

If the wp admin login URL is changed (via plugin), can a bot or hacker figure out the new URL

Yes, and the brute force part does not matter. Moving the login does not work ever because there are other ways to log in via XML-RPC, getting re-directed via admin URL attempts etc.

Moving the login URL just makes your site unsupportable and had nothing to do with security. Use strong passwords and enable two-factor authentication via a plugin.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Can Brute Force Attack Figure Out Wp Login URL After It’s Been Changed?’ is closed to new replies.

Tags

brute force attack

In: Fixing WordPress
3 replies
3 participants
Last reply from: Jan Dembowski
Last activity: 3 years, 11 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics