• My wp-login.php page is being subjected to brute force attacks. I have tried several things without complete success.

    Here is my new idea:
    Use FTP to copy wp-login.php to my local PC, then remove it from the server.

    When I want to login to my site (infrequent), I will use FTP to copy wp-login.php back to the server.

    Will this work? Will I do any damage to my site?

    Your thoughts and suggestions are welcome.

Viewing 5 replies - 1 through 5 (of 5 total)
  • I would advise you look at the CLEF plugin, which does away with passwords and allows you to completely do away with the wp-admin login page. Plus it’s cool.

    You can block all access by editing the .htaccess file and allowing only the IP that will connect to wp-admin.
    Replace xx.xxx.xxx.xxx with your IP.

    <files wp-login.php>
    # set up rule order
    order deny,allow
    # default deny
    deny from all
    allow from xx.xxx.xxx.xxx
    </files>
    
    ErrorDocument 401 default
    ErrorDocument 403 default
    ErrorDocument 404 default
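One way to check that the `<files wp-login.php>` rule in the reply above is actually being enforced, as an added example that is not part of the original thread: the script reads Apache access-log lines and flags any wp-login.php request from a non-allowlisted address that received something other than 403. The combined log format, the function name `audit_login_access`, the sample log lines and the allowlisted address 192.0.2.10 are all assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict

# Apache common/combined log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def audit_login_access(lines, allowed_ips):
    """Summarise wp-login.php requests per client IP.

    Returns (attempts, leaks): attempts maps ip -> Counter of status codes;
    leaks lists (ip, status) for non-allowlisted clients that did not get 403,
    i.e. requests the <files wp-login.php> rule should have refused.
    """
    attempts = defaultdict(Counter)
    leaks = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-matching lines
        # Drop the query string so /wp-login.php?action=... still matches.
        path = m["path"].split("?", 1)[0]
        if not path.endswith("/wp-login.php"):
            continue
        ip, status = m["ip"], int(m["status"])
        attempts[ip][status] += 1
        if ip not in allowed_ips and status != 403:
            leaks.append((ip, status))
    return dict(attempts), leaks

# Constructed sample log lines (documentation address ranges, not real traffic).
# 192.0.2.10 is an assumed stand-in for the xx.xxx.xxx.xxx allowlisted address.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2016:04:12:01 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2016:04:12:02 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2016:04:12:05 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3521 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2016:09:30:44 +0000] "GET /wp-login.php?action=logout HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2016:09:31:00 +0000] "GET /index.php HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    attempts, leaks = audit_login_access(SAMPLE_LOG, allowed_ips={"192.0.2.10"})
    for ip, codes in sorted(attempts.items()):
        print(ip, dict(codes))
    for ip, status in leaks:
        print(f"NOT BLOCKED: {ip} received {status} for wp-login.php")
```

A growing count of 403 responses means the rule is refusing the requests; an entry in `leaks` means a request reached WordPress despite the rule. If the site sits behind a reverse proxy or CDN, the logged client address may be the proxy's rather than the visitor's.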
    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Alternatively, there are many plugins designed specifically for this, like https://wordpress.org/plugins/limit-login-attempts/ (which still works great despite its age), the Protect module of https://wordpress.org/plugins/jetpack/ , as well as more intense plugins like https://wordpress.org/plugins/better-wp-security/ and https://wordpress.org/plugins/wordfence/

    In short though, there are many ways to protect your home on the web without removing the door entirely.

    Thread Starter Mr_Sydney

    (@mr_sydney)

    Thanks for your suggestions. Very useful.
    I now have a plugin that blocks “them” from getting access to wp-login after 3 attempts.

    It has not stopped them running a program that keeps trying.

    I’ll see if any of the other plugins mentioned above will help with that.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    Nothing is going to stop them from trying, there’s no way to do that. You can block them on your end, but you can’t shut them down on their end.

  • The topic ‘wp-login.php – can I remove it to prevent attacks?’ is closed to new replies.