Luna
Forum Replies Created
Thanks Ed
Let’s wait and see what the plugin author comes up with. Hopefully he can make a fix and I won’t have to bother you any more.
Cheers
Luna
Thanks. I don’t understand why that one sentence would help a bot, or allow Ed to find my secret word – but if you think that is the solution, great.
It is possible I made a mistake in editing the .htaccess file according to your instructions yesterday.
Is there a way to make this setting via the AIOWPS interface?
If not is there a way for me to send you the text of the file by email? I feel a bit nervous displaying it here publicly!
ALSO: I remain puzzled why this security breach just started to be apparent to the bots on 5 Sept. I have been using AIOWPS with no problems for several months.
Thanks
Luna
It gives a blank screen with the text:
XML-RPC server accepts POST requests only.
Just to let you know: I changed over to cookie-based protection but it seems to have made no difference.
I am now getting lockdown notifications every half hour. Always with username admin but different IPs from different countries.
Would it be worth trying something else (e.g. the captcha option) or just wait till you can find a solution?
Good luck
Luna
OK another lockout notification, with username admin, from IP in Israel. I think we can assume the .htaccess solution hasn’t really worked.
Sorry to be bearer of bad news. Hope it is not too troublesome to fix…
I forgot to mention that both of these attacks came from the same IP address, evidently in India. Till now all the attacks have been from different IPs in a range of different countries.
Yes well I have had some additional lockout messages since making the recommended changes to the .htaccess file, and the username is no longer just ‘admin’. One uses the secret login word of my site and the other gives the impression it might be using the secret login word of someone else’s site.
@eddyfems – can you confirm whether you tried to log in to my site as well as discovering its secret login word? If you did, did you use those usernames? If so that might account for the breaches. If not, it must have been someone else getting my secret login word I guess – though where the other attempted username came from I can’t suggest.
@wpsolutions – either way it seems there is a problem with the plugin! Hope you can sort it out soon.
Cheers
Luna
OK I have done that. Just to check: in following your instructions I REPLACED the following code in .htaccess with the lines you mentioned (files to /files). Is that right?
<IfModule mod_alias.c>
RedirectMatch 403 /(.*)/xmlrpc\.php$
</IfModule>
I will let you know what happens. I should note that the number of lockouts seems to have decreased today even before I did this, but they are still coming so it will be good if this change can stop the baddies completely.
Thanks
Luna
I think this is the same issue I am having. I have been using my site happily with the renamed login page feature – then all of a sudden a few days ago I started getting lots of lockout notifications showing attempted logins with username ‘admin’ (which of course I do not use).
I thought at first they must have found some other way to access a login page from my site but AIOWPS does not seem to give me the URL of the login attempt and I do not know enough about WP to guess what it might be.
I changed the name of the renamed login page but that does not seem to have helped – still getting lots of attacks.
Reading this thread made me realise the problem did seem to coincide with the update to WP 4.0 and wonder if the attackers can somehow now detect the renamed login page name?
Wondering whether to change over to cookie-based login protection? I like the renamed page but as it is just me using the site, cookie-based might be ok for me.
Any other thoughts would be gratefully received. Let me know if you need any further info.
Thanks for a FABULOUS plug in!! (That always gets left till last in support requests but really you guys are fantastic with the work and expertise you put in).
Cheers
Luna (forensictranscription.com.au)
Sorry – I got your msg by email and it only showed the first sentence – in case you rightly thought my reply was a little obtuse!
Yes I have read how to do it via WP but for many reasons I’d really love to have a way to do it via the security plugin.
To my naive eye it does not seem any more ‘a WP feature’ than all the other things all-in-one does. And as I recall my previous security plugin (which had many issues and was not nearly as good as all-in-one) did allow this setting to be changed via its interface.
If it is possible to do I would love to add it as a feature request.
Thanks again for your help
Yes the login page.
It has fields for USERNAME and PASSWORD, tick box for REMEMBER ME and below that a link called ‘Lost your password?’.
If you click that link you can enter your email address and (if the email address belongs to a user) it emails you a link to reset the password.
Does that clarify?
I want to get rid of that ‘Lost your password?’ link. I don’t think anyone legit will ever need it and it seems like an unnecessary vulnerability.
Thanks for helping
Luna
Forum: Fixing WordPress
In reply to: simplepie/php memory error
PS New blog is forensictranscription.com.au/wordpress (there is nothing there right now – and don’t worry I know about the index.php issue at forensictranscription.com.au – was half way through fixing this when the above happened)
Forum: Fixing WordPress
In reply to: simplepie/php memory error
In trying to set up another blog – when I went to install jetpack, I got the following error.
Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 30720 bytes) in /home/forensic/public_html/wordpress/wp-admin/menu.php on line 43
It doesn’t mention simplepie but seemed somehow similar so I deactivated jetpack on the first blog – simplepie error message disappears.
PROBLEM IS – on the new blog this really is a fatal error (the simplepie one says fatal but I can still function).
I can now do nothing, not even get rid of jetpack (which never fully installed). Every click brings up a memory message similar to the above but mentioning different files and lines and memory sizes.
Please help!
I expect my host will say it is a wordpress problem and they are very explicit they offer no support for wordpress.
Thanks very much as always.
Forum: Fixing WordPress
In reply to: Please help me regain access to my blog!
Yes I put the original addresses with the ‘wordpress’ URL into the functions.php file, and that address now appears in the settings>general page, and also in the permalinks at the top of each page in the edit screen.
Yes I can enter the admin and do anything I want in there. When I view the homepage it is fine, but when I click a link to a page other than home it gives the ‘page not found error’ – but it appears to be looking for the page with the ‘rethink’ url (not ‘wordpress’).
I have now clicked save settings in permalinks and everything seems to be functioning properly again. Phew.
Thanks again. Much appreciated.
Luna
Forum: Fixing WordPress
In reply to: Please help me regain access to my blog!
Oh dear I spoke too soon – my site loads, the home page and the admin panel – but my pages do not.
All the links both from the blog menus and from the Pages section of the admin panel seem to point to the URL I accidentally changed it to rather than the /wordpress one – and thus get a ‘not found’ error.
Can you help me one more time?
Thanks again
Luna
PS I used the method of editing the functions.php file (the second one in the help page you sent me to). Maybe one of the other methods would be better for me?