Hi,
(1) How can I transfer (temporarily) Locked IP Addresses to Permanent Block List?
I think your best option is to blacklist the IP address.
(2) I tried to use Rename Login Page feature. New login URL directed to home page of the website instead of login screen. How can I correctly use this feature? Are there any special steps?
Can you provide more information. I don’t understand your question.
Thank you
Thread Starter
Anonymous User 5738192
(@anonymized-5738192)
Hi,
Thanks for a reply!
(1) I have already blacklisted some IP addresses. However, the blacklisted IP addresses do not appear on Dashboard/Permanent Block List. These blacklisted IPs appear on Dashbaord/Locked IP Addresses(temporarily block list).
(2) I tried to use Rename Login Page feature. For example, I changed my login page to https://theoff.info/Himalays/xyz*. When I used this new login page it was directed to https://theoff.info/ (my live home page) instead of https://theoff.info/Himalayas/xyz*. The renamed Login URL page should have the login screen featuring WordPress logo and UserName and Password text boxes. Is it not?
* This (xyz) is just a random name to explain the problem.
-
This reply was modified 3 years, 3 months ago by
Anonymous User 5738192.
Hi,
However, the blacklisted IP addresses do not appear on Dashboard/Permanent Block List.
The IP address is added to your .htaccess file which is the first line of defense.
When I used this new login page it was directed to https://theoff.info/ (my live home page) instead of https://theoff.info/Himalayas/xyz*.
Do you have a cache plugin running in your site or server? Do you have another security plugin or theme managing the login form?
Regards
Thread Starter
Anonymous User 5738192
(@anonymized-5738192)
Hi,
I do not have access to .htacess file.
I use a cache plugin and spam comments blocker plugin.
Regards
Hi,
I do not have access to .htacess file.
Are you saying that you can’t access your .htaccess file? What type of server is your site hosted in?
I use a cache plugin and spam comments blocker plugin.
If you are running a cache plugin, have you excluded the login form from getting cached?
Regards
Thread Starter
Anonymous User 5738192
(@anonymized-5738192)
Thanks for a prompt reply!
My webhost does not give access to .htaccess file because it provides shared web hosting service.
I will check about login form on cache plugin setting page.
Thread Starter
Anonymous User 5738192
(@anonymized-5738192)
In one of my websites, one IP address listed in Permanent Block List is also one of the Current Logged in User. Is my site hacked?
Hi,
In one of my websites, one IP address listed in Permanent Block List is also one of the Current Logged in User. Is my site hacked?
Do you know if they are logged in? If you think your site has been hacked, please follow these steps.
Step 1 – My Site was hacked
Step 2 – Hardening WordPress
Aside from the above two links you should also carry out the following to clean your site.
– Using cpanel file manager delete your wp-admin and wp-includes directories and then upload new versions from a fresh zip file of your WordPress core version.
– Delete all plugins and re-install fresh new versions. Also do not use old zip files you have on your computer or server. Always get new plugins directly from wordpress.org or from the developer who wrote them. (Same goes for your theme)
– Also go through your root directory and replace all wp core files with new versions and delete any unknown files. Check your wp-config.php file for any suspicious code.
– Go through all other wp directories such as uploads etc…and check to see if any suspicious php files are there. (eg, uploads directories should mostly have media files and not php files)
– Examine all of your server directories which reside outside of your WordPress installation and look for php files.
The above should help you get your site up and running and clean from any viruses.
Thank you
Thread Starter
Anonymous User 5738192
(@anonymized-5738192)
Thanks for useful info!
I deleted All In One WP Security & Firewall plugin and cleaned cache and reinstalled the plugin. Then blocked IP was not logged in.
Was it right step to take?
Yes that should do the trick. Also make sure you followed the above steps correctly.
Regards
