Hidden login url: still attacks

  • Resolved shalke04

    (@shalke04)


    7 years, 5 months ago

    Hi,
    I changed login url so I have hidden login url but attacks did not stop. They are very few but I wander how is possible. it may depend on the settings of tab “wordpress tweaks”…? tips? Thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • nlpro

    (@nlpro)

    7 years, 5 months ago

    There are multiple ways of attacking a WordPress website. Just enabling the Hide Backend module will not protect you against all attacks.

    Have a look at the Brute Force entries (Details) in the Logs page.

    Thread Starter shalke04

    (@shalke04)

    7 years, 5 months ago

    yes, you are right…I’ll study logs page. Thank you

    • This reply was modified 7 years, 5 months ago by shalke04.
    Thread Starter shalke04

    (@shalke04)

    7 years, 5 months ago

    @nlpro according files log report attacks arrive from page https://www.mysite.com/xmlrpc.php and from “myaccount” page …

    nlpro

    (@nlpro)

    7 years, 5 months ago

    Ok, so is the website using xmlrpc ? If not, disable xmlrpc from the WordPress Tweaks module.

    That should take care of most malicious login attempts. Incidental bad login attempts from the “myaccount” page are no big security risk. Could also be authorized people making a mistake typing the password… The plugin can’t distinguish between a mistake or a malicious attempt …

    More importantly, make sure all accounts are using a strong password 😉

    • This reply was modified 7 years, 5 months ago by nlpro.
    Thread Starter shalke04

    (@shalke04)

    7 years, 5 months ago

    Thank you, yes I’ll try disable xmlrpc from plugin settings… you was very helpfull

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Hidden login url: still attacks’ is closed to new replies.