Support » Plugin: iThemes Security (formerly Better WP Security) » How can I have 154 bad login entries if I hid my login page?

Viewing 8 replies - 1 through 8 (of 8 total)
  • Handoko

    (@handoko-zhang)

    Hacking attempts. I’m sure, 100%. Me too have lots of such things.

    This plugin make all hacking attempts for login fail to login. But it keeps a log for you to see, analyze or take necessary actions (IP banning). This is how this plugin works.

    Now, we can see how useful this plugin is. Thanks to the author.

    I see. So, I guess the plugin is smart enough to infer that those are login attempts even though they don’t even get to see the login page. ok.

    Thanks!

    You’ll have to have a login page, even if it’s your.url/login, and that’s guessable.

    The thing you’ve done right is either make the admin password obscure, or, better, removed the admin user.

    Handoko

    (@handoko-zhang)

    Oops, I made a mistake. I said:
    “This plugin make all hacking attempts for login fail to login.”

    I was wrong, the truth is:
    This plugin fails to hide some logins because some hackers have already know the secrets. There is a bug in this plugin.

    I thought this bug has been fixed, but it’s not. This issue have been discussed many times. For more info, please read:
    http://wordpress.org/support/topic/plugin-better-wp-security-bypass-to-login-hide-or-hide-backend

    Things we can do for this issue:
    – Remove admin user (as suggested by edradour)
    – Use long and difficult to guess password
    – Manually block bad IPs
    – There is a quick (temporary) I suggested as in the link I give

    how to know IP, means who is tying to login to as admin???

    n m getting problem like after trying more than 3 time(with admin username) hacker ip is not blocking,

    even i have installed “Who’s Online” plugging in that not showing ip of hacker.

    hows its possible?

    @handoko: a bug… and do you know if this bug is solved or will be solved any time soon?

    Handoko

    (@handoko-zhang)

    @chetan0412

    To know the IP, you may:

    – Login to your cPanel, choose phpMyAdmin, select your database, then choose ??bwps_log table. That is the log with all details.

    – Login to your cPanel, choose Latest Visitors and select your database, you may use search filter to limit the result.

    – Use Adminer plugin if you don’t want to access cPanel.

    @nununo

    So far as I know, this bug still not solved. I monitor this forum frequently, it seems the author of this plugin is busy preparing the release of version 4. Here you can read the info:
    http://wordpress.org/support/topic/suggestions-and-bwps-40

    Thanks Handoko.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘How can I have 154 bad login entries if I hid my login page?’ is closed to new replies.