Support » Plugin: WPS Hide Login » Still getting login attempts after changing URL

  • Resolved aecnews


    I’m not sure I actually see the value of this plugin.

    We change our login URL and notify all of our staff and within an hour the new URL is being hit on with brute force attacks. It’s almost as if this plugin advertisers the new URL location.

    Why is this? Is this plugin leaking URL details?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author NicolasKulka


    add plugin disable-xmlrpc for brute force attacks

    Thread Starter aecnews


    Thanks you. I had xmlrpc exploits written into htaccess, but will try a plugin instead.
    Thank you.

    • This reply was modified 5 months ago by aecnews.
    Thread Starter aecnews


    That didn’t work at all.
    I’ve got 300 pages of failed login attempts in the user log in less than 24-hours.

    How is it possible for the new login address to be being hit on before all of my staff know what the new login URL is?



    The same is happening for me… how do they reveal the new url? I still have massive login attempts…

    Plugin Author NicolasKulka


    add plugin disable-xmlrpc
    add plugin wps-limit-login

    And users should not be given the opportunity to register otherwise the plugin has no interest.

    Is the disable-xmlrpc plugin the only way to diable XMLRPC? It hasn’t been updated in 2 years and there don’t seem to be other plugins that do the same thing?


    I use Asset Cleanup plugin, which includes a Disable XML-RPC feature. It has a lot of other great uses as well, I recommend it!

    Great tip. Thanks!

    Thread Starter aecnews


    Thanks @nicolaskulka
    That worked, but with Stop XML-RPC Attacks instead.

Viewing 9 replies - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.