Hello all,
Similar question here, I use the iThemes Security plugin as well, and I saw a big flaw in the security.
All the : /wp-login.php, /wp-admin, /admin & /connexion are protected but …
I can see the log page if I type http://www.XXXX/login (not login.php, just login).
Am I the only one in this case ? Cause it seems like the whole plugin is useless in that case ?