• Resolved hampalm1

    (@hampalm1)


    Hi
    When I try to send a test email I’m getting the following error log:

    CLIENT -> SERVER: EHLO www.yachtsandproperty.com
    CLIENT -> SERVER: STARTTLS
    CLIENT -> SERVER: EHLO www.yachtsandproperty.com
    CLIENT -> SERVER: AUTH LOGIN
    CLIENT -> SERVER: [credentials hidden]
    CLIENT -> SERVER: [credentials hidden]
    SMTP ERROR: Password command failed: 535 5.7.3 Authentication unsuccessful [AM9P195CA0025.EURP195.PROD.OUTLOOK.COM]
    SMTP Error: Could not authenticate.
    CLIENT -> SERVER: QUIT
    SMTP Error: Could not authenticate.

    Can anyone advise?
    Kind regards
    Andrew


Viewing 15 replies - 1 through 15 (of 17 total)
  • mbrsolution

    (@mbrsolution)

    Hi Andrew, have you spoken to your host about this issue? It looks like your server authentication credentials are incorrect.

    Kind regards

    Thread Starter hampalm1

    (@hampalm1)

    Haha what gave it away (-;

    Thanks for getting back to me. We managed to resolve it; the problem was, ironically, 2-factor authentication. So to use this plugin and others, ironically, you need to turn 2FA off, thus defeating the object of increased security, and I was recently hacked, so I’m pretty careful about this stuff now. However, I have Wordfence installed and am now using a complex password, so for the time being hopefully that is sufficient, but if you have any other advice about this I would be interested.

    Kind regards

    Andrew

    mbrsolution

    (@mbrsolution)

    Hi Andrew, I am glad to know you managed to fix your issue 🙂

    However, I have Wordfence installed and am now using a complex password, so for the time being hopefully that is sufficient, but if you have any other advice about this I would be interested.

    I use All In One Security Plugin which allows me to rename the login page. That stops anyone from accessing my admin site unless they know my secret word of course 🙂

    Kind regards

    Thread Starter hampalm1

    (@hampalm1)

    Interesting. Would that stop the site sending emails though, as that was my initial issue? Because the 2FA was preventing my email plugin from automatically authenticating, that was my initial enquiry. Or are you saying the solution is to use All In One Security because the plugin will not need 2FA to work, and only human beings trying to log in will require 2FA?

    Also, it’s not the end of the world, but if it renames the login page, does this mean I will lose the current branded login page, or is it just a different URL leading to the standard admin sign-on page?

    Kind regards

    mbrsolution

    (@mbrsolution)

    Hi,

    Interesting. Would that stop the site sending emails though as that was my initial issue.

    I am not sure because I have no idea how your site is set up. You are welcome to give it a try to see if it works.

    Regards

    Thread Starter hampalm1

    (@hampalm1)

    I have a login modal popup on the front end; my site is a membership site, so every time someone signs up they are emailed a link to the login page. Even if the emails work there, people will still receive the name of the page and, as I say, they can log in on the front end anyway. So does this defeat the objective of this plugin?

    mbrsolution

    (@mbrsolution)

    Hi,

    I have a login modal popup on the front end; my site is a membership site, so every time someone signs up they are emailed a link to the login page. Even if the emails work there, people will still receive the name of the page and, as I say, they can log in on the front end anyway. So does this defeat the objective of this plugin?

    That is very good. However, what happens if someone tries to access your site via the standard login URLs, yoursite.com/wp-login.php or yoursite.com/wp-admin.php?

    Regards

    Thread Starter hampalm1

    (@hampalm1)

    Let me clarify I have this right. My understanding is you are saying this plugin allows me to customise the URL of the login page, meaning it can’t be found unless you use that URL, or at least this plugin secures the standard login page in some way, which is great. However, what I’m saying is if someone wants to get in to the site and can’t get in via the standard login page, they can just go through the registration on the popup, so if my understanding is correct the plugin becomes redundant. Does that make sense?

    mbrsolution

    (@mbrsolution)

    Hi,

    Just for my curiosity. What happens when someone types the following yoursite.com/wp-admin.php or yoursite.com/wp-login.php to access your admin panel?

    Thank you

    Thread Starter hampalm1

    (@hampalm1)

    The login link goes to my login page, the admin link goes to the front end of my website unless you take the php bit off the end and then it redirects to my login page. However, they don’t need to go to this page to register. They can register on the front end through the popup. The popup doesn’t redirect them to the login page, although it could be adapted to do that.

    mbrsolution

    (@mbrsolution)

    Hi,

    However, they don’t need to go to this page to register. They can register on the front end through the popup. The popup doesn’t redirect them to the login page, although it could be adapted to do that.

    So, it means that anyone can still access the login URL because they know it exists. This can represent a brute force attack if it is not a member or someone wanting to register on your site. It also means that resources are used by your server to process these login attempts. That is why I have hidden my login URL from the world. Anyone that tries to access my admin login URL is automatically blocked.

    However in your case, you might need to do things differently because of your membership site.

    Thank you for sharing more information. I appreciate it.

    Kind regards

    Thread Starter hampalm1

    (@hampalm1)

    OK, I might have to have a think through this. If I am leaving myself open to attack, I’m not sure what the best solution is because, as a membership site, it’s essential to have a registration / login page; all membership sites have one. I could set the popup to redirect registrations and logins to the login page, but I don’t think that resolves the issue, does it, because this is just backdoor access to the encrypted login page. I don’t really know what brute force attacks are, but I do know Wordfence alerts you of them. Is that security enough, or does it not enable you to stop them if they are using a VPN?

    mbrsolution

    (@mbrsolution)

    I don’t really know what brute force attacks are

    A brute force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing your password correctly. Having a complex unique login name for your website login page will definitely make it very hard for hackers to crack. This is a very simple explanation of what a brute force attack is.

    I think Wordfence is a great security plugin as such and I am sure it is doing a great job in protecting your site from hackers. Of course having a membership site will also attract unwelcome visitors. That is unavoidable. You can only do so much to protect your registration and login form.

    Kind regards
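
An added example, not part of the original thread and not Wordfence's or All In One Security's own code: a sliding-window check for the brute-force pattern described in the reply above, run over constructed access-log lines in combined log format. The threshold, the window, the sample lines and the reliance on WordPress's default behaviour (a failed login re-renders the form with HTTP 200, a successful one redirects with 302) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ip, hh, mm, ss, status, path="/wp-login.php", method="POST"):
    # Helper that builds one constructed combined-log-format line.
    return (f'{ip} - - [10/Mar/2024:{hh:02d}:{mm:02d}:{ss:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 4021')

# Constructed sample input; addresses come from the documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", 10, 0, 2 * i, 200) for i in range(8)]     # rapid guessing
    + [_line("192.0.2.9", 10, 5 * i, 0, 200) for i in range(6)]     # slow retries
    + [_line("198.51.100.20", 10, 1, 0, 200),                       # one typo...
       _line("198.51.100.20", 10, 1, 20, 302),                      # ...then success
       _line("198.51.100.20", 10, 1, 21, 200, "/wp-admin/", "GET")]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_bruteforce(log_text, max_attempts=5, window=timedelta(minutes=1)):
    """Return {ip: peak failed logins inside one window} for IPs over max_attempts.

    Assumes each IP's lines appear in chronological order, as in a real access log.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failed logins still in window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Count only failed login submissions: POST to wp-login.php answered with 200.
        if (m["method"] != "POST" or m["status"] != "200"
                or m["path"].split("?")[0] != "/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop attempts that fell out of the window
            q.popleft()
        if len(q) > max_attempts:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

Counting per source address misses guessing that is spread across many addresses, which is the VPN concern raised earlier in the thread; counting failures per targeted username is the usual complement.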

    Thread Starter hampalm1

    (@hampalm1)

    Thanks for the explanation, that makes a lot of sense and that’s exactly what I experienced recently. I now use complex passwords and pay full attention to Wordfence (-; which was alerting me before but I ignored it, and I use Wordfence 2FA for my account (not sure how much good that really does to secure the dashboard from anyone not using my account details). Like you say, there is only so much you can do, so I think I will just keep an eye on things, but you have given me food for thought. That plugin sounds like a great solution, but if I understand it correctly, I think it would actually make a membership site unusable, because if you were to change the URL every time someone logged in, users would never know where to go to log in. Would that be a correct understanding of how the plugin works?

    mbrsolution

    (@mbrsolution)

    Hi,

    I have recommended users of Simple Membership plugin https://wordpress.org/plugins/simple-membership/ to use All In One https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

    They both work really well together 🙂

    Kind regards

  • The topic ‘Not authenticating’ is closed to new replies.