I installed wp hide login and despite everything there are 3 to 4 people a day who try to connect with my new login, although I changed the name of the connection every day, it continues, why? I see it in limit login because it uses the wrong password
Thanks for using Elementor.
Are your visitors able to sign up ? You can check it in your WP settings. It’s the only way for your users to find this slug when WPS Hide Login is installed.
No nobody can register on my site and in addition I very often change the name of the connection link, but every day, it finds. I have between 4 to 10 attempts each day! it is tiresome.
it doesn’t go through wp_login but it goes through wp_xmlrpc and this wp_xmlrpc I don’t know what it is …. you have an idea ?
i have put this, in the htaccess, i will see if it works, i dont even know what this xmlrpc.php is for. Whether it’s important or not. I just hope to have peace for a few days. If you could tell me if the xmlrpc.php has something to do with the login or if it’s like I read in some forum that it has become totally obsolete
# BEGIN Disable XML-RPC request
deny from all
# END Disable XML-RPC
WPS Hide Login hide your login page slug and redirect to homepage when someone try to reach your back-office.
Then, if someone finds your login page, it means it’s public somewhere.
You’re right, XML-RPC is better desactivated but I don’t think it’s the reason why you’ve got login attempts.
Do you have any idea how to find the location where the login could be made public?
I don’t know. Either anyone can register on your website (check this option in your settings) or there is a link somewhere on your website.
I have some very good news and some bad news,
THE GOOD NEWS: since I blocked xmlrpc.php, no more connection attempts.Hope this continues for several days. So it was indeed from xmlrpc.
the bad news is that something on jetpack is also blocked hahaha. I’m going to have to make a choice between jetpack and tranquility LOL
@marylineswiss Same issue with me. They are relentless. What’s more, they know my actual name as they use it quite often to log in. Sometimes they use my site name as the UN. Regardless, they do not know my UN (it’s just weird that they know my real name and use that to log in.).
Can you tell me where you put that code?
# BEGIN Disable XML-RPC request <Files xmlrpc.php> order allow,deny deny from all </Files> # END Disable XML-RPC
I do not access the PHP, but maybe my host company can help me. THe whole reason I added this plugin was to stop this particular person (or bot) from trying.
The other thing I will try next is 2FA.
Any help would be appreciated.
@marylineswiss Just found this article that talks about the jetpack issue you were illustrating in your comments. https://www.hostinger.com/tutorials/xmlrpc-wordpress
If you’d want to only turn certain elements of XML-RPC off, but still allow certain plugins and features to work, then use the following plugin:
Stop XML-RPC Attack. https://wordpress.org/plugins/stop-xmlrpc-attack/ This plugin will stop all XML-RPC attacks, but it’ll continue to allow plugins like Jetpack, and other automatic tools and plugins to retain access to the xmlrpc.php file.
With each update of wordpress, the access is modified, I do not know why and unfortunately the attacks start again.
So finally I edited the xmlrpc.php and I totally modified it: I put a redirect to a page with advertising 🙂 and cat jokes. With a beautiful 404 image and I hope to finally have peace https://www.zeste-citron.com/xmlrpc.php for a very long time
- The topic ‘It still finds my login with wp hide login, why?’ is closed to new replies.