Begin your defense with plugin “WPS Hide Login,” which is known to play nice with Wordfence (and really should be part of Wordfence as a feature) but consider other measures such as country blocking, and of course set your login rules in Wordfence to be quite strict. In my case, after I implement WPS Hide Login, I add the following blocking to my .htaccess file to eliminate clutter in Wordfence and stop those bots quick. But you can just block wp-login.php using Wordfence Options: “Immediatly Block IP using these URLs..”
# !!!!!following blocks wp-login, if login url obfuscation plugin is disabled this will block admin #login, fix using ftp access to this .htaccess file
# note, wp-login php is also blocked in Wordfence Options!
<FilesMatch “^(wp-login\.php)”>
Order Deny,Allow
Deny from all
</FilesMatch>
MTN
This is the free forum so I don’t have access to country blocking. And what about legit visits from said country? I don’t see where you set login rules in Wordfence.
I will checkout that plugin, thanks. The document on immediately block IP’s that access these URLs says it should be a URL that doesn’t exist, so that’s confusing. I’m whitelisted so I guess if I put wp-login.php there, I can still use it and login.
I’m note how to work with .htaccess and didn’t understand the code you provided. Appreciate that you responded. Yeah, it’s weird that Wordfence doesn’t have a hide login feature.
Actually I’m not sure who’s IP was in the whitelist or how it got there. I looked it up and it came back as Cox Communications. I got rid of it.
Still working on this. Still haven’t picked a plugin. Anyone else want to chime in?
Yes, you have access to country blocking, by virtue of other plugins such as IQ Block Country. As for .htaccess, if you’re serious about website security you’ll have to learn how to use it, or pay someone to help you.
BTW, I just tested “Immediately block IPs that access these URLs” and yes, the URL has to exist on your server for this to work.
MTN
-
This reply was modified 7 years, 3 months ago by
mountainguy2.
That Cox Communications reference caught my eye as I have had attempts of hacking from that hosting company. What I did was:
Go to: www. who hosts this site. com where you can look up any organization and find their hosting company. Enter in their address: http://that site.com
Wordfence gives you lots of detail on who originated the attempt.
Then block that IP of the hosting company. it works. Some of these hackers are using the same hosting spam networks.
Go to your Options in Wordfence and you’ll see Block IP, I use that to block all hackers.
Just a tip.
For some reason, brain confusion, in my post above I wrote exact opposite of how the “Immediately Block URL…” feature in WF Options functions. If the forum moderator could delete my wrong statement I’d appreciate. Too late for me to edit myself.
According to my tests, for a URL to be blocked it needs to NOT exist on your website server.
This confusing feature is discussed here:
https://wordpress.org/support/topic/immediately-block-ips-that-access-these-urls-2/
MTN
Cox Communications is a giant providing TV, Internet, phone, home security. I’m not too worried about that whitelisted IP I found. I deleted it, it could belong to the person who helped me clean a prior hack and installed WF. At this point I don’t believe I’m hacked and have implemented some measures, see my next post(s). I am still looking for a good login page hider though!
I installed IP Geo Block instead of the one suggested. I’m not convinced of WPS Hide Login, so still hunting, suggestions welcome please. ALSO, if you have Jetpack plugin installed it does have a brute force attack blocker which for some strange reason I had not activated.
As for the immediately block IPs document on WF’s site is confusing. Calling on WF people here to clarify this for us.
