• I have, “Disable wp-login.php” enabled. I keep receiving a message from WordPress that states the following:

    Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site and notifies you with this automated email.

    In this case, WordPress caught an error with your theme, Divi.

    First, visit your website (xxxxx) and check for any visible issues. Next, visit the page where the error was caught (https://xxxx/wp-login.php) and check for any visible issues.

    Please contact your host for assistance with investigating this issue further.

    If your site appears broken and you can’t access your dashboard normally, WordPress now has a special “recovery mode”. This lets you safely login to your dashboard and investigate further.

    link removed

    To keep your site safe, this link will expire in 1 day. Don’t worry about that, though: a new link will be emailed to you if the error occurs again after it expires.

    Is there a way to stop this message, or am I better of just turning that feature off to keep from receiving the message?

    Question 2:
    I noticed a couple of people asking about running a second security suite like Wordfence or WP Security and you stated that they do not clash. Is that a good idea to run two separate protection software packages on one site?

    If I remember correctly running two security suites could cause false positives. I want to be secure, but I don’t want to crash my site with overkill.

    Thank you,
    Syxguns

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Gregory

    (@gioni)

    A1: In the Main Settings set “Display 404 page” to “Display simple 404 page”.
    A2: Well, WP Cerber is an evolving beast. Today it can work along with another security plugin without issues or false positives but nobody can guarantee that such combination will work smoothly tomorrow.

    Thread Starter Syxguns

    (@syxguns)

    I will update if I get another email from WP

    Thank you Gioni for the answer. I have always used Wordfence in the past, and do like what it provides. However, Cerber has a lot of features that Wordfence does not have. I have not installed Wordfence this go around and am running Cerber and Fail2Ban. From my perspective, and I am not a security expert, I feel that the combination of the two plugins for security and hardening is enough.

    Now I could be wrong but would be adding Wordfence to the mix be overkill? Because nobody can get into my site by conventional methods. wp-login.php and wp-admin are either closed off or you need the new link for admin. The other day I had to let someone get onto my site to investigate an error I was experiencing and they could not get in without me disabling Cerber. I feel confident that Cerber is providing the security that I need, meaning no one should be able to access anything and a brute force attack will get them kicked off so they should give up trying. Would you agree that I should be fully protected running Cerber and Fail2Ban?

    In case you are not familiar with Fail2Ban here is a link: https://wordpress.org/plugins/wp-fail2ban/

    Thank you,
    Syxguns

    Thread Starter Syxguns

    (@syxguns)

    Nope, I Just got the email again.

    from: noreply@wordpress.org

    Since WordPress 5.2 there is a built-in feature that detects when a plugin or theme causes a fatal error on your site and notifies you with this automated email.

    In this case, WordPress caught an error with your theme, Divi.

    First, visit your website (https://XXXX.com/) and check for any visible issues. Next, visit the page where the error was caught (https://XXXX.com/wp-login.php) and check for any visible issues.

    Please contact your host for assistance with investigating this issue further.

    If your site appears broken and you can’t access your dashboard normally, WordPress now has a special “recovery mode”. This lets you safely login to your dashboard and investigates further.

    Got a code snippet I could inject into functions.php or another workaround. To be honest with you I shouldn’t even worry about it. I have a custom login page, so wp-login.php is not needed.

    Thank you,
    Syxguns

    Plugin Author Gregory

    (@gioni)

    Hey! How’s it going? Regarding your previous message: there is no such thing as “be fully protected” in the security industry. The real and achievable goal is to raise the bar, the cost of penetration to a level that makes no sense for a typical for your industry cybercriminal to try to find a way to hack a website or exploit a breach. Fail2Ban works well but it’s a too complex topic for most website owners.

    Thread Starter Syxguns

    (@syxguns)

    Sorry Gioni,
    This post is of no importance any longer. I had Cerber on 3 of my 6 websites and got locked out of each one of them. I had to use your remove Cerber Unistall script on all of them. I then tried it on just one site, and again it would lock me out.

    During the initial install, Cerber does not recognize my IP address so I follow the instructions you laid out and made necessary changes to my wp-config.php. Once I had my IP address set, I would go through the setup. I tried several different settings and even not redirecting the login page.

    No matter what I tried I would get locked out, and trying to access the login page from my member’s platform would fail. I would go to /wp-login.php and it would fail. I could not access wp-admin.php it would redirect me. I tried multiple times with multiple ways of setting it up but to no avail, I would always get locked out of the system.

    I went back to another security program that is good, I just really wanted Cerber to be the answer. I really love the way you incorporated a lot of WordPress Hardening features into the program.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Hiding wp-login’ is closed to new replies.