Brute Force Login attempts despite login rename
-
Site is being hit by many login attempts using a set of repeated (invalid) usernames but a variety of ip addresses – so blocking by username is not having much effect as the ip address keeps changing. Is there a better way to stop this type of attack?
I had already renamed the login page but I notice that if you go to http://www.sitename/wp-admin/ you get redirected to the renamed login page – so the login page isn’t really hidden – is this redirection a wordpress feature (in which case what is the point of renaming login) or is something not right with AIO WP Sec or possibly some other problem?
Thanks
-
Hi, have you enabled any of the following features.
Completely Block Access To XMLRPC:
Disable Pingback Functionality From XMLRPC:These can be located under WP Security -> Firewall -> Basic Firewall Rules.
If you haven’t can you enable one of these features. Then report back after a few days with any changes.
Regards
Hi
Thanks for response.
I did already have the Completely Block Access to XMLRPC enabled but not the Disable Pingback feature.
I have now enabled that too and will get back to you as to whether this has any effect.Do you have any advice / comment on my query about about the rename login feature and wp-admin?
RegardsHi, if you have enabled the following Completely Block Access To XMLRPC:, then you don’t have to also enable the following Disable Pingback Functionality From XMLRPC:
In regards to your question about the rename login. There must be something in your site that is redirecting back to the secret page. Once you enable the rename login feature in the plugin, when ever someone types yoursite.com/wp-admin it should give them a page not found error message. Do you have a cache plugin installed? Do you have other security plugins installed?
- This reply was modified 6 years, 12 months ago by mbrsolution.
I don’t have any cache plugin installed nor any other security plugins (just yours). I do however have a membership plugin. There is a “sign-in” link in the footer but there are no login fields on the site as standard. the membership plugin creates a login page on the fly if you go to a “blocked” page – which is the method I am using – i.e. the sign-in link points to a blocked page. I have however now shut down that option but am still getting hit by these multiple login attempts.
If you go to wp-login that goes to a Page Not Found. But wo-admin results in a sign-in page like this..
http://www.mysitename/mysecrectloginname/?redirect_to=http%3A%2F%2Fwww.mysitename%2Fwp-admin%2F&reauth=1
I have also added the 3 usernames they are using to the block user names list but as they are using multiple ip addresses it only has a limited effect.
Any more advice would be appreciated.
ThanksHi, the membership plugin might be creating all these login attempts. The reason why I am saying this is because of the following comment.
I had already renamed the login page but I notice that if you go to [http://www.sitename/wp-admin/] you get redirected to the renamed login page – so the login page isn’t really hidden
- This reply was modified 6 years, 12 months ago by mbrsolution.
I don’t think its the membership module – as I said I disabled that.
However I have just tried switching from my theme to a default wordpress theme and that issue with wp-admin goes away – so I will get in touch with the theme developer and see if they are the cause of this issue.
I’ll get back to you with an update.
Thanks for your help so far.Thank you for keeping me up to date.
Hi
Both the theme developer and I have been doing some testing on the redirect of the renamed login page issue. In all cases I have deactivated all plugins except yours.
The theme developers can’t reproduce the problem at all. But I found that with some other themes I tested there was no problem but with one theme (annoyingly the one I am using – which is a very popular theme with a high number of other users) I do still get this problem both on my hosted server and with a version on Desktop Server. However with the Desktop Server I do at least get some error messages.
I have taken a screen shot of these and the theme developers support have looked at this and say there are no references to their theme or functions.
Is there some way I can send you the screen shot so you can see these messages?
ThanksHi, the plugin developers will investigate further your issue.
Kind regards
Thanks
Here are the error messages when running under Desktop Server:Warning: call_user_func() expects parameter 1 to be a valid callback, no array or string given in C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-includes\functions.php on line 2538
Call Stack
# Time Memory Function Location
1 0.0038 202368 {main}( ) ..\index.php:0
2 0.0048 246032 require_once( ‘C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-admin\admin.php’ ) ..\index.php:10
3 0.0052 258600 require_once( ‘C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-load.php’ ) ..\admin.php:31
4 0.0056 266056 require_once( ‘C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-config.php’ ) ..\wp-load.php:37
5 0.0064 344048 require_once( ‘C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-settings.php’ ) ..\wp-config.php:90
6 1.5139 20450824 do_action( ) ..\wp-settings.php:413
7 1.5140 20452096 call_user_func_array:{C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-includes\plugin.php:525} ( ) ..\plugin.php:525
8 1.5140 20452160 AIO_WP_Security->aiowps_wp_loaded_handler( ) ..\plugin.php:525
9 1.5140 20452296 AIOWPSecurity_WP_Loaded_Tasks->__construct( ) ..\wp-security-core.php:219
10 1.5149 20494336 AIOWPSecurity_Process_Renamed_Login_Page::renamed_login_init_tasks( ) ..\wp-security-wp-loaded-tasks.php:16
11 1.5150 20494832 wp_die( ) ..\wp-security-process-renamed-login-page.php:106
12 1.5150 20495216 call_user_func:{C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-includes\functions.php:2538} ( ) ..\functions.php:2538( ! ) Warning: Cannot modify header information – headers already sent by (output started at C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-includes\functions.php:2538) in C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-includes\pluggable.php on line 1224
Call Stack
# Time Memory Function Location
1 0.0038 202368 {main}( ) ..\index.php:0
2 0.0048 246032 require_once( ‘C:\Users\MyDocs\Documents\Websites\www.myDTSsite.dev\wp-admin\admin.php’ ) ..\index.php:10
3 1.5458 22378080 auth_redirect( ) ..\admin.php:84
4 1.5466 22378704 wp_redirect( ) ..\pluggable.php:1084
5 1.5468 22385760 header ( ) ..\pluggable.php:1224
- The topic ‘Brute Force Login attempts despite login rename’ is closed to new replies.