I cannot hide login page
-
Hi,
my web site is under brute force attack since October.
Better-wp-security logs hundreds of failed login attemps every day.I’m trying to improve my web site security following the better-wp-security directions, so I did almost everything suggested but my site is still under attack.
I suppose that the main issue is that I cannot hide the login page.– Hide backend options are ON
– I changed the name of login, admin and register slugs
– I modified my .htaccess file as suggested here (http://wordpress.org/support/topic/after-enabling-hide-backend-still-i-am-getting-bad-login-attempt-how)but I suppose that my login page is still visible to the hackers.
Any suggestions?
Thanks!
Tom
-
Hello.
The modified .htaccess seems work correctly on my tests. Can you post your website address here? I would like to test to know is that rewrite rule working or not.
Also, you might want to put a list of bad IPs in your Banned Users section.
My website was under attacked by login attempts many times everyday. So I installed a plugin to view the visitors’ IPs. After some months of careful analyzing the data, now I have a list of the bad IPs.
By putting the list into the Banned Users, my website now never visited by brute force login attackers. You can get the list on this thread:
http://wordpress.org/support/topic/how-to-ban-admin-loginsHi,
My web site is http://www.nonsolopiccante.it
I’m using also a huge ip address blacklist since attacker’s ip addresses change everyday, but it doesn’t solve my problem.
thank you for your help!
Tom
I tested your website by using this url:
http://www.nonsolopiccante.it/wp-login.php?loggedout=trueI received a 404 error (page not found), it means the trick works. If you still get bad login attempts, I may suggest you:
Goto the Hide Backend section, change the Login Slug. Don’t use “login” nor “user”, that too common. But use something hard to guess like “mysecretlogin”.
Some hackers may already know your secretkey, so it is good to enable the Generate new secret key to let the plugin randomly change the key for you.
But remember if you click the save changes, the plugin will revert back to its default value so you need to modify the .htaccess again.
You may consider to use Bad Behavior plugin, it will stop many bad bots that accessing your website including the autologin who try to brute force login to your website.
http://wordpress.org/extend/plugins/bad-behavior/
- The topic ‘I cannot hide login page’ is closed to new replies.