Support » Plugin: WPS Hide Login » Brute force attacks still continue

  • Resolved darkgullgray

    (@darkgullgray)


    Hi there,

    as you read in title i’ve installed WPS Hide Login
    but it seems not working properly, they are still attempting to login.

    ty

    Alex

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author NicolasKulka

    (@nicolaskulka)

    The plugin does not prevent Brute Force attacks if someone finds the login url.

    Did you put in more, block bad queries for example?

    But is the purpose of the plugin avoid access to login page changing the login url?

    i’ve changed mine from mywebsite/wp-admin to mywebsite/customtext

    did I miss something?

    Plugin Author NicolasKulka

    (@nicolaskulka)

    No, that’s fine.

    You need to know the login url to make brute force attacks via the login url.

    After there is some that goes through the xmlrpc for example.

    so what do I have to to to stop xmlrpc attack, install another plugin?

    ty

    Plugin Author NicolasKulka

    (@nicolaskulka)

    Yes, or disable xmlrpc.

    https://fr.wordpress.org/plugins/disable-xml-rpc/

    I am doing a wps-limit-login plugin that will prevent brute force attacks.

    ty

    They will still hit your server / Account (shared hosting account). You will still see an entry that they tried wp-login.php but it will go nowhere since it was changed to something else. that means there will still be a little load on you server / account. But they will not get in if they guess the correct password. that’s the reason for seeing them still hitting you.
    I have found that wordfence is excellent along with WPBruiser and the addon that protects the contact form 7 plugin if you have that.
    wordfence will automatically stop the bots that try to guess a username that is not registered and also after so many attempts that you setup in settings. it will block the IPs.
    WPBruiser has settings to protect the forms. Bots usually work fast so WPBruiser will detect a fast login and automatically stop it. these two plugins with WP Hide Login I have found works great. Hope I have helped you today
    Mitch

    Ty Mitch very helpfull.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Brute force attacks still continue’ is closed to new replies.