• Resolved Wufuquan

    (@wufuquan)


    Hello,

    I’m using Custom WordPress Login Address, not the defualt wp-admin, for my blog.

    It’s works good on my other websites and but it not good on one website.

    I received too many unautorized login attempts.

    It is custom address and only limited person knows it, so if the address “hidden”, how could there are so many unautorized login attemtps happened ?

    Is there any setting on the server side from my hosting provider that can “publicize” the custom login address ?

    I already changed the login URL, but the unautorized login attempts will only stop for only 1-2 days, then its happens again.

    Thank you and warm regards

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, please check the following documentation. Let me know if this helps you.

    https://mbrsolution.com/wordpress/aiowps-plugin-pingback-protection-settings.php

    Thank you.

    Thread Starter Wufuquan

    (@wufuquan)

    Thank you for your help.

    I tried all the methods listed on https://mbrsolution.com/wordpress/aiowps-plugin-pingback-protection-settings.php

    But none working.

    Still shows: XML-RPC server accepts POST requests only.

    I check my other websites and sucessfully disable xmlrpc, it shows 403 Forbidden Error.

    Please help.

    Thank you and warm regards

    Plugin Support vupdraft

    (@vupdraft)

    Can you FTP into your website and locate your .htaccess file (This file is located at the root of your WordPress install). Download the .htaccess file to your machine. If you don’t see the following rules, then copy and paste the following into your .htaccess. Save the file and upload it via FTP

    #AIOWPS_PINGBACK_HTACCESS_RULES_START
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>
    #AIOWPS_PINGBACK_HTACCESS_RULES_END

    Thread Starter Wufuquan

    (@wufuquan)

    Thank you for your reply.

    Unfortunately, the suggested code not working.

    So, I contacted my hosting provider and they add:

    # disable xmlrpc
    RewriteRule xmlrpc.php$ – [F,L]

    They said about that the suggested code not working for some type of server.

    Thank you and warm regards.

    Plugin Support vupdraft

    (@vupdraft)

    Thank you for sharing the solution with us.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Custom WordPress Login Address Always Revealed’ is closed to new replies.