Title: blocking wp-login.php. Last modified: March 19, 2017 --- # blocking wp-login.php. * Resolved [makemake](https://wordpress.org/support/users/makemake/) * (@makemake) * [9 years, 1 month ago](https://wordpress.org/support/topic/blocking-wp-login-php/) * I noticed that probably one person is undertaking a brutal attack each time from different ip-adresses. I think that because the attacker use each time the same username. * question: when I select the checkbox “visit wp-login.php”. Can I than still login with the username Admin myself? or do i lock myself out? And will this help to solve my problem? If not: do you have a suggestion? Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [gioni](https://wordpress.org/support/users/gioni/) * (@gioni) * [9 years, 1 month ago](https://wordpress.org/support/topic/blocking-wp-login-php/#post-8934310) * First of all, the plugin handles quite well all brute force attacks even with default settings. So, you can rely on it. Put that username on the list of Prohibited usernames (Users tab) and forget about that forever. * Plugin Author [gioni](https://wordpress.org/support/users/gioni/) * (@gioni) * [9 years, 1 month ago](https://wordpress.org/support/topic/blocking-wp-login-php/#post-9000928) * Hi! How is it going? * [VWFeature](https://wordpress.org/support/users/vwfeature/) * (@vwfeature) * [9 years, 1 month ago](https://wordpress.org/support/topic/blocking-wp-login-php/#post-9021027) * Hi makemake, The whitelist overrides the blacklist. When you set it up, Cerber automatically whitelists your IP adddress range. That means you COULD get attackers from your ISP, but that’s a small slice of the whole world. IMHO, it makes sense to disable the “admin” and “administrator” accounts, because they’re an obvious attack vector. Change your admin name to ‘your own Name plus some nonsense’ like George554, to reduce that vulnerability. * Read ArsTechnica’s articles on cracking. * And use a password manager (KeePass) and [strong passwords ](https://makemeapassword.org/generate/ReadablePassphrase) [https://makemeapassword.org/generate/ReadablePassphrase](https://makemeapassword.org/generate/ReadablePassphrase) * If they’re attacking wp-admin, then yes, using the IP blacklist will help, as will blacklisting ISPs that use the forbidden “admin” or “administrator” user names. * As does having a 100+ bit password ([https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html](https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html)) It’s called a layered defense. * Plugin Author [gioni](https://wordpress.org/support/users/gioni/) * (@gioni) * [9 years, 1 month ago](https://wordpress.org/support/topic/blocking-wp-login-php/#post-9022396) * For a serious project, you might want to use a mobile notification on any admin account login: [http://wpcerber.com/wordpress-mobile-and-browser-notifications-pushbullet/](http://wpcerber.com/wordpress-mobile-and-browser-notifications-pushbullet/) Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘blocking wp-login.php.’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/wp-cerber_77a9bf.svg) * [WP Cerber Security, Anti-spam & Malware Scan](https://wordpress.org/plugins/wp-cerber/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-cerber/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-cerber/) * [Active Topics](https://wordpress.org/support/plugin/wp-cerber/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-cerber/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-cerber/reviews/) ## Tags * [password](https://wordpress.org/support/topic-tag/password/) * [wp-admin](https://wordpress.org/support/topic-tag/wp-admin/) * 4 replies * 3 participants * Last reply from: [gioni](https://wordpress.org/support/users/gioni/) * Last activity: [9 years, 1 month ago](https://wordpress.org/support/topic/blocking-wp-login-php/#post-9022396) * Status: resolved