Plugin Contributor
Maya
(@tdgu)
Hi,
In such a scenario the benefit of changing the default login URL, will be to prevent boots/automated scripts to check your site for being a WordPress site. Generally, those are not smart enough and just try the default login URL, but if that is changed and the default blocked, will not find anything.
Thanks
thank you for clearing
but as per your answer and since the boots search for wordpress wp-login.php to try to enter site through the log in form
do you think that will be the same in case I make must site log in site so boots will find directly the log in page and the log in form
right or not ?
regards
Plugin Contributor
Maya
(@tdgu)
Hi,
There are 2 different things:
1) Boots that search for WordPress sites and check for the /wp-login.php /wp-admin/ URL. They are pretty dumb, If that is not found they move over to another site, so we’re good here.
2) Boots that search for any forms inside your website ( any site type, not just WordPress ) and attempts to brute force in by guessing common logins. If your login URL is not listed anywhere, you will be covered and safe, since those parsers can’t reach the login form.
If the login page is listed on your site (e.g. menus ) it will be accessible, still not recognized as being a WordPress.
Hope this helps
Thanks
thank you very much for the clearance
point 1 all cleared
point 2
so
1- removing any link on the site that lead to log in page (from menus, widgets ,page..etc) will be okay bots can not reach the login form
but
in case I remove links but with making site must login with forced redirection to login page
at this case bots can find login form (right or not)?
best regards
Plugin Contributor
Maya
(@tdgu)
In that case, they will find the form on the new login URL, still, most probably they will not figure out the WordPress inside.
Hope this responded to your question.
Thanks
