renamed wp-login.php

  • Resolved Ken Stone

    (@wpstoneblue)


    6 years, 2 months ago

    Getting a lot of login attempts on a particular site today that really isn’t used much so I renamed wp-login.php to a random string.php but I’m still getting user locked out from signing in emails.

    I know I can change the settings to stop the emails but my curiosity has me. If wp-login.php is effectively missing shouldn’t they just be getting 404 when trying to login?

Viewing 7 replies - 1 through 7 (of 7 total)
  • boxthemes

    (@boxthemes)

    6 years, 2 months ago

    Hello,

    I think you can solve this issue by follow this.
    1) Rename wp-login.php file to my-login.php name.
    2) Open my-login.php file from your server, find the text “wp-login.php” and replace by “my-login.php” text.

    3) Save, done.

    Hope it helps.

    Thread Starter Ken Stone

    (@wpstoneblue)

    6 years, 2 months ago

    I’ve done that in the past to hide the login but I’m not even concerned about logging in, it’s not a site I log in to very often so that’s why I just renamed the file with random string. I’ll just delete it for now and see what that does.

    I’m wondering how I’m still getting WordFence emails about failed login attempts if they can’t even find the login file?

    mountainguy2

    (@mountainguy2)

    6 years, 2 months ago

    Probably because you can also use the URL website/wp-admin to login to WordPress, and about 30 million botters know that… if you’re obfuscating your site login, which I do myself and highly recommend, a quick and complete way to do it is use plugin WPS Hide Login. Hope that helps. MTN

    Thread Starter Ken Stone

    (@wpstoneblue)

    6 years, 2 months ago

    If I go to wp-admin I get 404 page not found because I’m not logged in. It redirects to wp-login which is gone.

    I’m not concerned about hiding the login I deleted it since I hardly ever log in to that site anyway.

    My main curiosity is WordFence still emailing me about login attempts when there is no way to log in as far as I know.

    wfalaa

    (@wfalaa)

    6 years, 2 months ago

    Hi @wpstoneblue
    These login requests could be initiated via XMLRPC, read more about attacks by XMLRPC here and here, then check this article to know if you can block access to XMLRPC or not.

    Thanks.

    mountainguy2

    (@mountainguy2)

    6 years, 2 months ago

    Apologies for not reading the origin of this thread as carefully as I should have. Been so used to “hide wp-login.php” type posts I tend to fire off too fast. In my case, I do not use or need xmlrpc in fact I hate it for the time it takes to deal with. So I delete xmlprpc.php and place /xmlrpc.php in the Wordfence “Options/Immediately Block URLs.” I used to just block xmlrpc.php in my .htaccess file, but I’d rather use it as a honey pot that results in lengthy IP blocks implemented by Wordfence. In my case I set those blocks to 48 hours.

    As for wp-login.php, sure, delete if not needed (I use WPS Hide Login plugin as we do need the login for our sites). I’m a big fan of deleting as many WordPress core files as possible as who knows what attack vectors will be discovered tomorrow (oh joy). For example, I delete wp-mail.php and wp-signup.php. One has to delete these sorts of things each time WordPress updates. I suppose one could set up a cron job to do this, but I’m in the site root enough anyway so I just do it manually.

    A cool Wordfence feature, actually, would be a programatic audit of WordPress core that suggested core file elimination via checkboxes. Oh blasphemy!

    MTN

    • This reply was modified 6 years, 2 months ago by mountainguy2.
    Thread Starter Ken Stone

    (@wpstoneblue)

    6 years, 2 months ago

    Awesome, @mountainguy2 & @wfalaa thank you so much.

    Busy this week with clients and haven’t had time to look into it at all.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘renamed wp-login.php’ is closed to new replies.