Hide Login Path (3 posts)

  1. poijkl
    Posted 3 years ago #


    I've recently installed wordfence and I get email notifications when someone exceeds the number of login attempts and gets locked out. I thought I would rarely get this, but I've gotten 4 lock outs in the past 2 days. I block the ip's, but the ip's seem to be from foreign countries. Is this normal?

    Also, are there any plugins that'll let me hide wp-admin and wp-login to a different path? Or anything else you guys recommend to help me with this issue.

  2. leejosepho
    Posted 3 years ago #

    I block the ip's, but the ip's seem to be from foreign countries. Is this normal?

    Yes, and blocking a country for a while seems to send the hackers elsewhere.

    I believe there are things you could do in .htaccess to block access, but you would first want/need a dedicated IP to allow for yourself.

  3. bcworkz
    Posted 3 years ago #

    If you need random users to be able to login, effective IP blocking will depend on the distribution of your legitimate user base. Realistically, limited login attempts and lockouts combined with a really strong password is more than adequate defense.

    Even though I believe security by obscurity is an oxymoron, not having an 'admin' user has completely stymied all such hack attempts so far. Still, I believe hiding the login and admin paths is a wasted effort. In my experience, blocking a worldwide botnet has not yet resulted in the hacker controlling it going away. Going on 5 months now, he is still hammering away uselessly at my site. What a moron!

    If you only need access for a limited few, a dedicated IP is not necessarily required, though it makes things much easier. I personally have whitelisted the entire IP range allocated to my ISP using CIDR notation in .htaccess (Allow from for example). Since no hackers so far use my ISP, the worldwide botnet is completely blocked even though I do not have a static IP, and yet I login without apparent restriction. If I do use a different ISP occasionally, it takes about a minute to temporarily add my current IP to the whitelist via FTP.

Topic Closed

This topic has been closed to new replies.

About this Topic