Hide Login – URL Identified | WordPress.org

schwamd
(@schwamd)

11 years, 6 months ago

Greetings. I have utilized the Hide Login Area feature for quite a long time with absolutely no one discovering the proper URL. This past week, however, someone discovered the URL and attempted brute force and admin account login attempts (both thwarted by iThemes Security).

I am a single administrator – meaning that no one else knows the admin login URL. In addition, I used a pretty random login location (along the lines of http://www.mysite.com/mjp-blob which has absolutely no meaning or connection to my website).

Has anyone heard of this occurring previously? It just seems so unlikely that someone figured out where my login screen resided that I wanted to get some feedback.

(I have since changed the location of my login screen)

https://wordpress.org/plugins/better-wp-security/

Viewing 3 replies - 1 through 3 (of 3 total)

iThemes Support
(@ithemes-support)

11 years, 6 months ago

Hey,

It’s really hard to say how they could gain access to it. It does sounds like you’ve taken the appropriate precautions.

I wish I had a better answer for you. But at least you can take pleasure in knowing that Security is doing it’s job!

Thanks,

Gerroald

AnnasGourmetGoodies
(@annasgourmetgoodies)

11 years, 5 months ago

This also happened to me – same scenario. My login had no relation to the site. I hope that iThemes will read this post – I believe there is a bug in their plugin that may allow the hidden login to be discovered.

iThemes Support
(@ithemes-support)

11 years, 5 months ago

Hi,

There are other ways to gain access to the page such as another plugin linking to it or a xmlrpc attack. Hide Backend is a good prevention, but it’s not and can’t be bullet proof.

Thanks,

Gerroald

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Hide Login – URL Identified’ is closed to new replies.

Tags

Hide Login Area

3 replies
3 participants
Last reply from: iThemes Support
Last activity: 11 years, 5 months ago
Status: not resolved