Blocking access to wp-login.php

  • Resolved skyhawkpictures

    (@skyhawkmedia)


    6 years, 8 months ago

    Hi there,

    Thank you so much for a great plugin. It has already helped keep the hackers away so much.

    I’m just looking into the renaming of wp-login.php. I have enabled a custom URL and disabled access to the wp-login.php. However, I can still access it. In case there was some caching going on, I even downloaded a new browser and used that – I could still access it no matter what.

    However, when trying to access it from work, I couldn’t. I got the 404 as expected. So it appears that accessing from my own IP is allowed, and another IP is not.

    So my question is, is the wp-login.php blocked for everyone, or am I allowed to access it if I’m on the whitelist?

    Thanks
    Steve

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter skyhawkpictures

    (@skyhawkmedia)

    Hi again,

    You know what, I think I answered this myself. Reading your page on Whitelisting, it appears that the whitelist is checked, and if an IP is on it, then no further checks are made of any kind.

    So that would explain how I can access the wp-login.php.

    I think it is probably worth putting a help note on the Cerber settings page where these options are. All I see is “be careful! you can lock yourself out” which is fair enough, but if it said “be careful! you can lock yourself out unless you’re on the whitelist” instead, I think that would be helpful.

    All the best
    Steve

    Plugin Author gioni

    (@gioni)

    Hi!

    Yes, the Access Lists are very powerful tool. They have highest priority among other settings. Some explanations are given: https://wpcerber.com/using-ip-access-lists-to-protect-wordpress/

    Actually there are a lot of ways to lock yourself out with Cerber because the plugin engine performs plenty of inspections for each incoming request. Many of them can lead to lockout. Just do not act as a bad actor or a hacker. ??

    Thread Starter skyhawkpictures

    (@skyhawkmedia)

    Thanks for the confirmation Gioni.

    That’s no problem, I have no issues with it. As I say, the only helpful addition would be to reinforce that notion to the user. I only discovered it because of this issue. Although you have explained it clearly in your access lists post, it’s not obvious from the settings page, that’s all.

    Thanks again and keep up the great work
    Steve

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Blocking access to wp-login.php’ is closed to new replies.