WordPress.org

Forums

[resolved] WordPress Admin Protection (15 posts)

  1. jwsmithc4
    Member
    Posted 1 year ago #

    I'm trying to work the kinks out on my wordpress site, hosted on it's own domain.

    When I or any users go to login or register it pops up with this http://atheist-gamer.com/wordpress%20login.PNG

    I've gone through the dashboard to no avail. I'm thinking it has to be fixed somewhere else but I'm new to this and have yet to find anything referencing it short of "Protecting your WordPress Site".

    Thank you for any help.
    The site is located at http://www.atheist-gamer.com

    Side question but somewhat related, would there be anyway to have registered users on my PHPBB forum automatically added to the WordPress user list?

    Thanks for any help.

    [Moderator Note: Please ensure that you are embedding links correctly in your posts.]

  2. esmi
    Forum Moderator
    Posted 1 year ago #

    Are you using an admin protection plugin?

  3. jwsmithc4
    Member
    Posted 1 year ago #

    The only plugins I have installed are Plugins

    I'm not seeing anything in there that would cause this problem. I'm kind of thinking it my be a mysql problem.

  4. congnghevps
    Member
    Posted 1 year ago #

    Using htaccess to create passwd for your web folder, :)

    Regards,

  5. jwsmithc4
    Member
    Posted 1 year ago #

    This is my .htaccess.

    <files wp-config.php>
    order allow,deny
    deny from all
    </files>
    
    # Block the include-only files.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    </IfModule>
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    What exactly should be changed?

  6. jwsmithc4
    Member
    Posted 1 year ago #

    Still have not found an answer on this.

  7. What answer were you looking for and what protection?

    If you mean to block wp-admin and wp-includes then there is a real chance you'll break something without intending to.

    There are ways to harden your WordPress installation.

    http://codex.wordpress.org/Hardening_WordPress

    As well as deal with (really irritating!) Brute Force attacks.

    http://codex.wordpress.org/Brute_Force_Attacks

    Or you can even consider a security plugin (I don't use any of those myself).

    http://wordpress.org/plugins/search.php?q=security

    But again, what are you looking for when you say "WordPress Admin Protection"?

  8. jwsmithc4
    Member
    Posted 1 year ago #

    I'm trying to remove this useless login that pops up whenever ANYONE tries to login or register. Before the log in
    It says
    "A username and password are being requested by http://www.atheist-gamer.com. The site says: "[ WordPress Admin Protection: Please enter username 'admin' and password 'wplogin' to load your WP login page ]""

    I'm trying to remove this, it doesn't seem to be in the .htaccess or anything.

  9. jwsmithc4
    Member
    Posted 1 year ago #

    I have no plugins activated besides the ones right here

    http://atheist-gamer.com/PLugins%20being%20used.PNG

  10. "A username and password are being requested by http://www.atheist-gamer.com. The site says: "[ WordPress Admin Protection: Please enter username 'admin' and password 'wplogin' to load your WP login page ]"

    That sounds like something your host has implemented as a way to get around brute force login attempts. It won't stop a real person from entering that admin/password combination but would stop or slow down bots from hitting wp-login.php.

    Contact your host and ask them where that's from. That doesn't look like anything a WordPress plugin would do or leave behind.

  11. jwsmithc4
    Member
    Posted 1 year ago #

    ok that's kinda what I was thinking but didn't want to go and bug them for something that was implemented automatically.

    I'm new to the whole CMS thing and WordPress in general.

    I'm mostly a design person and 5/4 of this is new, plus there is a billion lines of stuff to go through to find what you're looking for when it comes to researching these problems.

    also wplogin is a pretty common phrase to search for...

  12. Well... if you can see hidden files on your web server the look for any .htaccess files in wp-admin, wp-includes`, etc. as a just in case.

    But there really shouldn't be any other .htaccess and posting the ID and password like that would make for an awful security feature... ;)

    I'm pretty sure it's your host. Hopefully you'll get someone who can confirm that.

  13. jwsmithc4
    Member
    Posted 1 year ago #

    Yea I was thinking the same thing, I can't find any mention of it anywhere. I emailed em, they're usually pretty prompt.

    Thanks again for the help.

  14. jwsmithc4
    Member
    Posted 1 year ago #

    I think I resolved it myself... I installed that all-in-one security thing, Changed the login/register page.

    And now it's not popping up from what I can tell.
    Atheist Gamer

    Thanks again for all the help, I think it may have been the actual Login/register php file. which still doesn't make sense to me

  15. jwsmithc4
    Member
    Posted 1 year ago #

    I guess if the script they are using is targeting the default login/register page and you change the filename it no longer targets it, so... yea Resolved? I guess.

Topic Closed

This topic has been closed to new replies.

About this Topic