Locked out messages after wp-login move and blocking xmlrpc.php requests
-
Hi,
I have Wordfence Security installed and since I was getting a lot of user locked out messages I have changed the login URL and hidden the wp-admin URL with Lockdown WP Admin plugin. I have also blocked xmlrpc.php requests in htaccess. I’ve added below code to htaccess:
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>All went well for a while but the last week or so I have been receiving lots of user locked out messages again. The messages refer to the old default /wp-admin URL:
“A user with IP address XXX.XXX.XXX.XXX has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username ‘feed\”‘ to try to sign in.”
Any idea how to totally prevent unwanted visitors to try and log in?
Thanks!
Syl
- The topic ‘Locked out messages after wp-login move and blocking xmlrpc.php requests’ is closed to new replies.