Support » Plugin: All In One WP Security & Firewall » Login attacks although I switched the login url

  • Resolved per4mance

    (@per4mance)


    Hi,
    I’ve a question to your great plugin. I activated the new login url on my site but still have got login attacks as follows:

    user: [login]
    IP: 2a02:c207:1:1255::1

    or

    user: [login]
    IP: 2001:19f0:7001:32d7:c3b:e539:1a34:2ae6

    How can I avoid this? How does a hacker know what my login URL is?

    Thanks for any help!

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, do you have one of the following features enabled in your site? Some hackers target xmlrpc.php file in your site.

    Completely Block Access To XMLRPC:
    Disable Pingback Functionality From XMLRPC:

    Thank you

    • This reply was modified 3 months ago by  mbrsolution.
    per4mance

    (@per4mance)

    Hi @mbrsolution !

    Thank you. Now I activated both you mentioned above. I’ll keep an eye on it. Don’t know if XMLRPC is important for my site.

    Kindest regards ๐Ÿ™‚

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Thank you. Now I activated both you mentioned above. Iโ€™ll keep an eye on it. Donโ€™t know if XMLRPC is important for my site.

    You only need to enable one of the option. Choose which one is best for your set up.

    Kind regards

    per4mance

    (@per4mance)

    OK, I’m going to do this – thank you ๐Ÿ˜‰

    nesoor

    (@nesoor)

    I just wanted to ask the same question.
    I am curious if this is going to work !

    P.S. I already had this one disabled: Disable Pingback Functionality From XMLRPC
    But that didn’t work so I choose now to fully block it.

    • This reply was modified 3 months ago by  nesoor.
    • This reply was modified 3 months ago by  nesoor.
    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi @nesoor,

    I am curious if this is going to work !

    Having Completely Block Access To XMLRPC: and Enable Rename Login Page Feature enabled has helped many. However it also depends on the type of website you are running and the plugins you have installed in your site.

    Regards

    • This reply was modified 3 months ago by  mbrsolution.
    kmensah

    (@kmensah)

    got the same issue but i later realized the attacks comes whenever i update my theme(when i delete outdated theme, download updated theme from theme author site and install)… disabling the plugin before doing this solved it. Dont know why it does that tho

Viewing 7 replies - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.