Support » Plugin: WPS Hide Login » It still finds my login with wp hide login, why?

  • Resolved marylineswiss

    (@marylineswiss)


    I installed wp hide login and despite everything there are 3 to 4 people a day who try to connect with my new login, although I changed the name of the connection every day, it continues, why? I see it in limit login because it uses the wrong password

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Support MaximeWPS

    (@seinomedia)

    Hello,

    Thanks for using Elementor.

    Are your visitors able to sign up ? You can check it in your WP settings. It’s the only way for your users to find this slug when WPS Hide Login is installed.

    Thread Starter marylineswiss

    (@marylineswiss)

    No nobody can register on my site and in addition I very often change the name of the connection link, but every day, it finds. I have between 4 to 10 attempts each day! it is tiresome.

    Thread Starter marylineswiss

    (@marylineswiss)

    it doesn’t go through wp_login but it goes through wp_xmlrpc and this wp_xmlrpc I don’t know what it is …. you have an idea ?

    Thread Starter marylineswiss

    (@marylineswiss)

    i have put this, in the htaccess, i will see if it works, i dont even know what this xmlrpc.php is for. Whether it’s important or not. I just hope to have peace for a few days. If you could tell me if the xmlrpc.php has something to do with the login or if it’s like I read in some forum that it has become totally obsolete

    # BEGIN Disable XML-RPC request
    <Files xmlrpc.php>
    order allow,deny
    deny from all
    </Files>
    # END Disable XML-RPC

    Plugin Support MaximeWPS

    (@seinomedia)

    Hello,

    WPS Hide Login hide your login page slug and redirect to homepage when someone try to reach your back-office.

    Then, if someone finds your login page, it means it’s public somewhere.

    You’re right, XML-RPC is better desactivated but I don’t think it’s the reason why you’ve got login attempts.

    Thread Starter marylineswiss

    (@marylineswiss)

    Do you have any idea how to find the location where the login could be made public?

    Plugin Support MaximeWPS

    (@seinomedia)

    Hello,

    I don’t know. Either anyone can register on your website (check this option in your settings) or there is a link somewhere on your website.

    Thread Starter marylineswiss

    (@marylineswiss)

    I have some very good news and some bad news,
    THE GOOD NEWS: since I blocked xmlrpc.php, no more connection attempts.Hope this continues for several days. So it was indeed from xmlrpc.
    the bad news is that something on jetpack is also blocked hahaha. I’m going to have to make a choice between jetpack and tranquility LOL

    @marylineswiss Same issue with me. They are relentless. What’s more, they know my actual name as they use it quite often to log in. Sometimes they use my site name as the UN. Regardless, they do not know my UN (it’s just weird that they know my real name and use that to log in.).

    Can you tell me where you put that code?

    # BEGIN Disable XML-RPC request
    <Files xmlrpc.php>
    order allow,deny
    deny from all
    </Files>
    # END Disable XML-RPC

    I do not access the PHP, but maybe my host company can help me. THe whole reason I added this plugin was to stop this particular person (or bot) from trying.

    The other thing I will try next is 2FA.

    Any help would be appreciated.

    @marylineswiss Just found this article that talks about the jetpack issue you were illustrating in your comments. https://www.hostinger.com/tutorials/xmlrpc-wordpress

    If you’d want to only turn certain elements of XML-RPC off, but still allow certain plugins and features to work, then use the following plugin:

    Stop XML-RPC Attack. https://wordpress.org/plugins/stop-xmlrpc-attack/ This plugin will stop all XML-RPC attacks, but it’ll continue to allow plugins like Jetpack, and other automatic tools and plugins to retain access to the xmlrpc.php file.

    Thread Starter marylineswiss

    (@marylineswiss)

    With each update of wordpress, the access is modified, I do not know why and unfortunately the attacks start again.

    So finally I edited the xmlrpc.php and I totally modified it: I put a redirect to a page with advertising 🙂 and cat jokes. With a beautiful 404 image and I hope to finally have peace https://www.zeste-citron.com/xmlrpc.php for a very long time

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘It still finds my login with wp hide login, why?’ is closed to new replies.