• Its admin interface is exposed to the internet. Could you please advise on the next steps?

    • This topic was modified 6 months, 1 week ago by shehrozobaid.


Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator threadi

    (@threadi)

    I’m not sure exactly what you mean. When I visit the website you mentioned, all I see is the website. I can’t access the WordPress backend, which is how it should be.

    Perhaps you’re concerned about securing the installation. In that case, I would recommend this article: https://developer.wordpress.org/advanced-administration/security/hardening/

    Thread Starter shehrozobaid

    (@shehrozobaid)

    Hi Threadi,

    Thank you for the message. If you add wp-admin to the end of the URL, you will reach the admin console.
    https://parents.mmc.vic.edu.au/wp-admin/

    Thread Starter shehrozobaid

    (@shehrozobaid)

    Also, we have noticed the wp-cron.php file, which is responsible for scheduled events in a WordPress website. By default, when a request is made, WordPress will generate an additional request from it to the wp-cron.php file. During the penetration test, it was found that WP-Cron is enabled for https://mmc.vic.edu.au. The generation of many requests to this website increases the likelihood of the site being vulnerable to a Denial-of-Service attack, which may impact website availability for users.

    Is there any solution or recommendation for this as well?
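The wp-cron behaviour described in the post above (WordPress spawning an extra request to wp-cron.php on ordinary page loads) has a standard hardening answer that the thread does not spell out: turn off the page-load trigger with the `DISABLE_WP_CRON` constant and run the scheduler from the server's own cron instead. The snippet below is an added example written for this page, not code from the thread, from WordPress core or from the site in question. The crontab lines in the comments are the usual two options; the install path `/var/www/parents`, the WP-CLI path and the five-minute interval are assumptions to be adjusted for the host.

```php
<?php
// Added example for this thread (not the site's own wp-config.php).
//
// Default WordPress behaviour: the constant is undefined (or false), so on
// many front-end requests WordPress fires a non-blocking HTTP request to
// /wp-cron.php to run due scheduled events. That is the "additional request"
// the penetration test flagged.
//
// Hardened setting: place this in wp-config.php above the line
// "/* That's all, stop editing! Happy publishing. */".
define( 'DISABLE_WP_CRON', true );

// With the page-load trigger disabled, due events will no longer run unless
// something else calls the scheduler, so add a system cron job. Either of
// the following crontab entries works (pick one; paths/interval assumed):
//
//   Option A, WP-CLI, runs only the events that are actually due:
//   */5 * * * * cd /var/www/parents && /usr/local/bin/wp cron event run --due-now >/dev/null 2>&1
//
//   Option B, no WP-CLI, plain HTTP request to the cron endpoint:
//   */5 * * * * curl -s "https://parents.mmc.vic.edu.au/wp-cron.php?doing_wp_cron" >/dev/null 2>&1
```

Two caveats worth knowing before reporting this as fixed. `DISABLE_WP_CRON` only stops WordPress itself from spawning the request; wp-cron.php stays reachable over HTTP, so if the concern is external callers hammering that file, it also needs to be restricted at the web server (for example, allowing only localhost when Option A is used), which this snippet does not do. And as the moderator notes later in the thread, the two hostnames are separate WordPress installations, so each wp-config.php and each crontab entry has to be set up per install.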

    Moderator threadi

    (@threadi)

    When I go to the admin URL, I see the login form. As I already wrote, everything is as it should be.

    Try it yourself in a private browser window. You should also see the login form there.

    However, the login form appears to be highly customized. Are you using a plugin to change the styling? Are you also using a plugin to change the login behavior in some way, e.g., an SSO plugin?

    The URL without parents is a completely different WordPress installation. Apparently, you have several. Each installation should use its own WP Cron and not call up another one – unless, as already mentioned above, you are using an SSO plugin that influences the behavior of WordPress.


The topic ‘Vulnerability’ is closed to new replies.