Support » Plugin: iThemes Security (formerly Better WP Security) » Question regarding the hidden login area

Viewing 3 replies - 1 through 3 (of 3 total)
  • WordPress has multiple attack vectors for brute force attacks.
    So seeing those login attempts in your logs does not automatically mean your custom login slug has been compromised. (Unless you see in the logs that those login attempts are actually using the custom login slug).

    That said there is still a security issue in the iThemes Security plugin which makes using the Hide Backend feature useless …

    Send me an email at [ redacted, support is not offered via email, Skype, IM etc. only in the forums ] and I’ll let you know the details.

    It’s better not to provide those details in a public forum (again);-)

    Lastly the Hide Backend feature falls into the obscurity category.
    It is not really a feature that strengthens the security of your website. It only makes automated attacks a little bit more difficult.

    dwinden

    Addendum:
    Just received this article from iThemes.

    I think in this case they were using the slug because the moment I changed it the login attempts stopped.

    It’s okay, I don’t really need to know those details. Maybe you could fill a bug report to let the developers know about that problem?

    Ah ok.

    The issue has been reported in this forum over and over and over again by several people …

    My view is that 1 report of such a security issue in their security plugin should be enough for iThemes to act upon.

    Oh I almost forgot, sometimes when people forget their custom login slug (or when debugging) it’s nice to have this backdoor 😉
    So I don’t mind …

    dwinden

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Question regarding the hidden login area’ is closed to new replies.