All In One WP Security & Firewall
[resolved] Renamed Login Page Issue/Question (11 posts)

  1. roos3342
    Member
    Posted 1 year ago #

    I have implemented the renamed login page, but in about an hour I have had over 440 IP addresses locked out. Any thoughts on this? I have used this plugin on several sites, but this is the first time it's happening! The site it's on does not see all that much traffic, so I'm surprised how fast the login attempts are happening from bots.

    Every single one is trying to log in w/ the user admin, which doesn't exist.

    Please let me know if anyone has ideas!

    Thanks.

    Not sure if it matters, but the host is Dreamhost.

    https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

  2. mra13
    Member
    Plugin Author

    Posted 1 year ago #

    You can log into your site fine, correct?

    If you enabled that feature and a bot is doing login attempts then the plugin is going to block that IP. You can turn off that IP blacklisting feature if you don't want to use it.

  3. wpsolutions
    Member
    Plugin Author

    Posted 1 year ago #

    roos3342,
    Are the addresses being locked out due to "404" events? (Go to the Dashboard menu and check the "Locked IP Addresses" tab).

    If so then it sounds like in addition to the rename login page feature you also have the "404 detection" feature enabled. You can disable the 404 lockout functionality if you wish.

  4. roos3342
    Member
    Posted 1 year ago #

    @wpsolutions,

    That tab shows the reason as being "login_failure", so I'm assuming that is not the 404 lockout you are talking about.

    @mra13 - I can log in fine and you are correct, it is blocking the IPs of the attempted logins, but I'm just concerned that it's constant. I've never had this on a site before.

    The even weirder thing is, I ran a test where I completely removed the wp-login.php file via FTP and I was still getting IP addresses being locked with the reason being a "login_failure". I'm not quite sure how that happens?

  5. wpsolutions
    Member
    Plugin Author

    Posted 1 year ago #

    @roos3342,
    If possible, I would like to take a closer look at your site please.
    Contact me here and we can discuss further:
    support at wpsolutions-hq dot com

  6. roos3342
    Member
    Posted 1 year ago #

    Email sent!

    Thanks.

  7. onnawebdesign
    Member
    Posted 1 year ago #

    I just installed your plugin during a brute force attack and changed the name of the login page as well but I'm still getting tons of login attempts (5-20 attempts per minute). It is not the 404 lockout. I added a plugin to clear the cache just in case. Any suggestions?

  8. roos3342
    Member
    Posted 1 year ago #

    @onnawebdesign,

    Thanks to some help from one of the plugin authors or developers, they looked at my situation and discovered the attempts were not actually coming from finding the renamed login page. They determined it was executed via the xmlrpc.php functionality in the WordPress core and for some reason the .htaccess rules the plugin was adding to help prevent the attack were being ignored by the host. Talking to the host (Dreamhost), they were unable to give an explanation as to why they ignore the rules, but they did offer the following code to add to the .htaccess file. When I added it, the attempts stopped immediately and I have not had an issue since. Perhaps it will help you too.

    <Files xmlrpc.php>
    order deny,allow
    deny from all
    allow from YOUR.IP.HERE
    </Files>
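
Added example (not part of roos3342's post and not the plugin's code): a way to check from the web server access log which endpoint the login POSTs are actually reaching, which is the question the diagnosis above turned on. It assumes the Apache combined log format; the log lines, IP addresses and the `my-secret-login` slug are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" log format (not from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2015:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2015:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2015:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2015:10:01:05 +0000] "GET /wp-login.php HTTP/1.1" 404 512 "-" "curl/7.38"
192.0.2.44 - - [12/Mar/2015:10:02:10 +0000] "POST /my-secret-login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2015:10:02:11 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2015:10:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
garbage line that does not parse
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def login_post_sources(log_text, login_slug):
    """Count POSTs to each endpoint that can carry a login, split by outcome.

    login_slug is the renamed login page (hypothetical value in this example).
    Returns (served, served_by_ip, denied): POSTs the server processed,
    the same broken down per (endpoint, client IP), and POSTs answered 403.
    """
    endpoints = {"/xmlrpc.php": "xmlrpc", "/wp-login.php": "wp-login",
                 "/" + login_slug.strip("/"): "renamed-login"}
    served, served_by_ip, denied = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or not a form/XML-RPC submission
        path = m["path"].split("?", 1)[0].rstrip("/") or "/"
        label = endpoints.get(path)
        if label is None:
            continue
        if m["status"] == "403":
            denied[label] += 1  # blocked before WordPress saw it
        else:
            served[label] += 1
            served_by_ip[(label, m["ip"])] += 1
    return served, served_by_ip, denied

if __name__ == "__main__":
    for counter in login_post_sources(SAMPLE_LOG, "my-secret-login"):
        print(dict(counter))
```

A high `served` count for `xmlrpc` alongside near-zero counts for both login pages matches the pattern described in this thread; after an .htaccess deny rule takes effect, those requests should move into `denied`.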

  9. onnawebdesign
    Member
    Posted 1 year ago #

    Thanks roos3342,
    I have done that in the past but didn't think it would apply to this.
    I'll give it a try.

  10. roos3342
    Member
    Posted 1 year ago #

    No problem, I hope it works for you! Let us know if you don't mind :)

  11. onnawebdesign
    Member
    Posted 1 year ago #

    It appears to have worked. No attempts since .htaccess was modified.
    Thanks for the great suggestion! *phew. Now I can rest a bit easier. :)

Topic Closed

This topic has been closed to new replies.