Title: Steve White's Replies | WordPress.org

---

# Steve White

  [  ](https://wordpress.org/support/users/lbwordpress/)

 *   [Profile](https://wordpress.org/support/users/lbwordpress/)
 *   [Topics Started](https://wordpress.org/support/users/lbwordpress/topics/)
 *   [Replies Created](https://wordpress.org/support/users/lbwordpress/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/lbwordpress/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/lbwordpress/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/lbwordpress/engagements/)
 *   [Favorites](https://wordpress.org/support/users/lbwordpress/favorites/)

 Search replies:

## Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WPS Hide Login] login page still found](https://wordpress.org/support/topic/login-page-still-found/)
 *  [Steve White](https://wordpress.org/support/users/lbwordpress/)
 * (@lbwordpress)
 * [5 years, 2 months ago](https://wordpress.org/support/topic/login-page-still-found/#post-14381044)
 * This *may* help (or may not)… I see similar activity on our site… I change the
   hidden Login URL setting in the WPS Hide Login dashboard… and within hours I 
   get new notifications that someone is getting locked out for invalid login attempts.
 * At first I thought this was due to the login url being exposed via some hack…
   but I found that *ALL* of our locked login attempts come in via xmlrpc.php calls.
 * This means they did not find the hidden directory – they simply used the protocol
   to try and login. This does not happen as often as the 404 hacks hitting the 
   sight looking to expose details.
 * You can not allow xmlrpc – but then this *might* impact other plugins such as
   Jetpack.
 * Lastly, I found this by looking thru our logs in the iThemes Security plugin.
 * Hope this is a little helpful…
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[GiveWP - Donation Plugin and Fundraising Platform] GiveWP Multi-level Donation Button CSS](https://wordpress.org/support/topic/givewp-multi-level-donation-button-css/)
 *  Thread Starter [Steve White](https://wordpress.org/support/users/lbwordpress/)
 * (@lbwordpress)
 * [5 years, 10 months ago](https://wordpress.org/support/topic/givewp-multi-level-donation-button-css/#post-13329854)
 * Rick,
 * Awesome! Implemented.
 * Thank you!!
 * Steve
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Shield Security – Smart Bot Blocking, Brute-Force Login Protection & File Scanning] Appears someone has found renamed wp-login](https://wordpress.org/support/topic/appears-someone-has-found-renamed-wp-login/)
 *  Thread Starter [Steve White](https://wordpress.org/support/users/lbwordpress/)
 * (@lbwordpress)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/appears-someone-has-found-renamed-wp-login/#post-8991133)
 * From my limited testing, Limit Login Attempts only inserts itself when the “login”
   page is accessed. It creates a log only when an attempt is made to login into
   the true login page. Here is the log
 * IP Tried to log in as
    151.80.4.182 admin (1 lockout), pucek (1 lockout)
 * This is not a huge issue at the moment. This is the first log I have seen made
   in the past two months since installing Shield. Before that… our site had 15 
   or 20 minimum per day (likely all bots). Just wondering how someone might be 
   finding the true login page.
 * The IP above is listed as in France. Our site is in the US and hosted in the 
   US.
 * I’ll continue to watch.
 * Thanks for the reply.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[IP Ban] Issue with IP Ban – users were unable to view webstie](https://wordpress.org/support/topic/issue-with-ip-ban-users-were-unable-to-view-webstie/)
 *  [Steve White](https://wordpress.org/support/users/lbwordpress/)
 * (@lbwordpress)
 * [9 years, 4 months ago](https://wordpress.org/support/topic/issue-with-ip-ban-users-were-unable-to-view-webstie/#post-8830728)
 * I am having very similar issues. Simply not working. Since I do not see any replies
   to the original issue… can only assume that no really cares about it. Even if
   it is to point one to the solution somewhere else. Removed plugin… now moving
   on to other security tools.

Viewing 4 replies - 1 through 4 (of 4 total)