Hide Backend issue

  • Adendum

    (@adendum)


    6 years ago

    I have been bombarded with brute force attacks and multiple failed login attempts so the plugin is working but the server is being hammered.

    I have changed a few settings to slow them up (only 1 login attempt, lockout period 1440 mins (24hrs), no notifications (got buried after 890 emails!) and I have hidden the backend login….which works for me but I am still seeing the lockouts grow each hour.

Viewing 2 replies - 1 through 2 (of 2 total)
  • kot41

    (@kot41)

    6 years ago

    Logs and will grow until you fill the database and do not damage the table after that you yourself will not go on to your site! also if the server is installed on the server redis then there is a chance not to get to the domain at all! this is due to the fact that the developers broke version 6.8.1 which was a beta version (that the developers released it as a release is a bug) and quickly released version 6.9.0. (completely non-working alpha release and immediately released 6.9.2. as you have I recommend urgently to roll back to version 6.8.1. there is cleaning logs! Yes, the motivation of developers is that if the site was hacked, you can learn from the logs that there was!
    I will reply if the site is hacked then immediately completely remove the plug-in from the system!
    Version 6.9.0-.6..9.2 are FORBIDED FOR MANY DATES OF THE CENTERS IN GENERAL!

    nlpro

    (@nlpro)

    5 years, 11 months ago

    Version 6.9.0-.6.9.2 are FORBIDED FOR MANY DATES OF THE CENTERS IN GENERAL!

    The 6.9.1 release includes a security fix:

    Security Fix: Fixed display of unescaped data on logs page

    For more info about all security fixes in the iTSec plugin visit the WPScan Vulnerability Database.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Hide Backend issue’ is closed to new replies.