Support » Plugins and Hacks » Hacks » Hide Login Path

Viewing 2 replies - 1 through 2 (of 2 total)
  • leejosepho

    (@leejosepho)

    I block the ip’s, but the ip’s seem to be from foreign countries. Is this normal?

    Yes, and blocking a country for a while seems to send the hackers elsewhere.

    I believe there are things you could do in .htaccess to block access, but you would first want/need a dedicated IP to allow for yourself.

    Moderator bcworkz

    (@bcworkz)

    If you need random users to be able to login, effective IP blocking will depend on the distribution of your legitimate user base. Realistically, limited login attempts and lockouts combined with a really strong password is more than adequate defense.

    Even though I believe security by obscurity is an oxymoron, not having an ‘admin’ user has completely stymied all such hack attempts so far. Still, I believe hiding the login and admin paths is a wasted effort. In my experience, blocking a worldwide botnet has not yet resulted in the hacker controlling it going away. Going on 5 months now, he is still hammering away uselessly at my site. What a moron!

    If you only need access for a limited few, a dedicated IP is not necessarily required, though it makes things much easier. I personally have whitelisted the entire IP range allocated to my ISP using CIDR notation in .htaccess (Allow from 123.123.0.0/18 for example). Since no hackers so far use my ISP, the worldwide botnet is completely blocked even though I do not have a static IP, and yet I login without apparent restriction. If I do use a different ISP occasionally, it takes about a minute to temporarily add my current IP to the whitelist via FTP.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Hide Login Path’ is closed to new replies.