Support » Plugin: Cerber Security & Antispam » People can still find my custom login page…

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Gioni

    (@gioni)

    Hi!

    What are your settings? Did you check:

    1. Disable wp-login.php on the Main Settings tab
    2. Disable XML-RPC on the Hardening tab?

    I have disabled wp-login.phone but not XML-RPC. I wasn’t sure if the second option was related to the wp-admin login access. I have now enabled it. I’ll keep and eye and let you know.

    Thanks.

    Plugin Author Gioni

    (@gioni)

    Hackers just use XML-RPC interface as a way to obtain admin password via a brute-force attack. It’s enabled by default and usually unprotected.

    Hi Gioni, I did actually disable both XML-RPC and wp-login.php, but I’m still getting bombarded with “failed” attempts to login from soviet countries with user names like admin, administrator, http://www.mydomain.

    Any idea what I could be doing instead? I wish I could just blacklist a whole country.

    Plugin Author Gioni

    (@gioni)

    Hi valkala!

    1. Change your Custom login URL.
    2. Check Block direct access to wp-login.php and return HTTP 404 Not Found Error.
    3. Make sure that you theme (in a menu) or some widget don’t display the Custom login URL.

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.