Support » Fixing WordPress » Want to delete dashboard login pages to stop hackers

  • Hi. My sites are endlessly under attack by hackers and their bots. I have tried MANY different security plugins, captcha forms on the login in pages, etc., but cannot keep them out. Eventually they get through.

    I have even deleted the wp-login and wp-admin php pages and they were still able to login! Please tell me what pages I need to delete to prevent hackers from logging into my wordpress sites. I don’t mind adding them via ftp whenever I need to go in and make changes.

    Thank you.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Follow the security steps outlined in the Hardening WordPress page, and/or install a security plugin for additional protection.

    Hope this helps.

    Thank you very much for the response. I have taken many of these steps. What I would like to do is remove the ability for anyone to log in to the dashboard at all. Could you please tell me what files I would need to delete from my wordpress install to accomplish this?

    As I said, I removed wp-admin and wp-login and they were still able to login. What other files would I need remove to accomplish this?

    Thank you.

    Based on what you said, it looks like that the hacker has the higher level in his/her attack. If so, these plugins may not help. I think they’re good at to “prevent”, but not enough to “fix”.

    The ideas of checking your issue include:

    * Re-install all files including WordPress core, themes and plugins with the same current versions.
    * Use git to check the changes in your site, to know which files are getting changed.
    * Compare the database in the case the virus is getting back.
    * Change all weak passwords (database, FTP, admin accounts) and make them strong.
    * Apply other practices like restricting access to the area of wp-admin, chmod for the specific locations.

    If you are unfamiliar with the terms I’m talking above, it would be better to hire someone rather than struggle with it by yourself.

    Thank you so much. I know how to do these things and have done these things. I know how to find files that have been altered and to remove code changes. I also know to replace all the wp files and to go through all folders to find malicious script files. FTP, changing chmod, etc.

    I would like to know if there is a way to eliminate the ability to login to the dashboard completely by deleting wordpress files.

    Anyone know? Please?

    Thanks.

    If so, follow these:

    * Use git to check the changes in your site, to know which files are getting changed.
    * Compare the database in the case the virus is getting back.

    Do you notice any change?
    I’m not sure but it seems you don’t know about GIT? It’s more than just “how to find files that have been altered and to remove code changes.”


    I would like to know if there is a way to eliminate the ability to login to the dashboard completely by deleting wordpress files.

    Based on what I know and what you already described, this is not possible in your case.

    OK. That’s all my thoughts here 🙂 . If these do not help, wait for other replies.

    Thank you very much for your response. I don’t have a problem with getting rid of a virus. I just want to stop any ability to login to the dashboard.

    Does anyone know if there is a way to eliminate the ability to login to the dashboard by deleting certain wordpress files and not disrupt the display of the website?

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Want to delete dashboard login pages to stop hackers’ is closed to new replies.