Brute force attack without wp-login.php file | WordPress.org

Giorgio
(@superhub)

10 years, 10 months ago

Hello there, we have a site under brute-force attack since ten/fifteen days.

The site is fully updated and we installed Simple Security Firewall (https://wordpress.org/plugins/wp-simple-firewall/) and Sucuri Security (https://wordpress.org/plugins/sucuri-scanner/).

The login form should be protected by captcha and G.A.S.P. protection.

The permissions settings are strict (750 and 640).

Even when I delete the wp-login.php file the attack continues. How is this possible? Are they able to try to login thru a backdoor?

What can I do to further protect the site?

Here you have a notification of a login attempt:

Subject: Failed Login
Login Info:
Time: July 21, 2015 7:00 am
Website Info:
Site: http://XXXXX.XXX
IP Address: 173.245.53.154
Notification:
User authentication failed: test
User wrong password:

If you need more info just ask, thanks!

Viewing 3 replies - 1 through 3 (of 3 total)

Thread Starter Giorgio
(@superhub)

10 years, 10 months ago

I can add that the site’s server is behind a nginx reverse proxy and we suspect XSS injection.

Thread Starter Giorgio
(@superhub)

10 years, 10 months ago

And the site runs behind CloudFlare!

leejosepho
(@leejosepho)

10 years, 10 months ago

I know nothing about “nginx reverse proxy”, “XSS injection” or CloudFlare, but I do know deleting wp-login.php will not stop anyone from requesting it. You might find some helpful info here:
https://wordpress.org/support/topic/wordpress-site-under-attack?replies=26

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Brute force attack without wp-login.php file’ is closed to new replies.

Tags

In: Fixing WordPress
3 replies
2 participants
Last reply from: leejosepho
Last activity: 10 years, 10 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics