hackers get by the login easily

  • Resolved david

    (@dskirk)


    1 year, 9 months ago

    I have the plugin active, but hacker wannabees readily bypass it or figure it out. How do they do that?

    The page I need help with: [log in to see the link]

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Support MaximeWPS

    (@seinomedia)

    Hello !

    Thanks for using WPS Hide Login.

    Are you sure some peaople try to reach your secret slug whereas /wp-admin or wp-login.php ?

    Thread Starter david

    (@dskirk)

    All I can say is that attempted logins continued after installing the plugin. I’m puzzled that the attempts continue.

    Plugin Support MaximeWPS

    (@seinomedia)

    Can you share the logs reporting these attempts ?

    Where do they come from ?

    Thread Starter david

    (@dskirk)

    I do not have access to server, but I use Wordfence for security and it displayed these failed logins from today:

    test1 165.22.211.2048 hours 46 minutes ago

    12345678 206.189.139.1789 hours 16 minutes ago

    12345678 162.255.118.2059 hours 16 minutes ago

    vrzwk 143.110.149.6111 hours 6 minutes ago

    tester 89.46.106.17711 hours 46 minutes ago

    laszzy 68.178.225.22412 hours 19 minutes ago

    laszzy 44.203.51.24312 hours 49 minutes ago

    sinpetra 85.158.200.10712 hours 49 minutes ago

    sinpetra 202.191.60.14513 hours 31 minutes ago

    wwwadm 8.134.90.22414 hours 44 minutes ago

    Plugin Support MaximeWPS

    (@seinomedia)

    Is your install fully up to date (core, plugins and theme) ?

    A security fault may cause that.

    Thread Starter david

    (@dskirk)

    Yes, all up to date. There were six attempts in the past hour.

    Plugin Support MaximeWPS

    (@seinomedia)

    Your website isn’t fully https. Then, it isn’t fully secure.

    Moreover, your http version doens’nt redirect to half-https version. Then, you website can be hacked by this way.

    Before I keep investingating, I invite you to fix these issues redirecting http to https and erasing mixed-contents. You can contact your host for any advice or help about these actions.

    Thread Starter david

    (@dskirk)

    Thanks for the feedback. I plan to do that as soon as I get access to the server. That may be a week or more. If I should reopen at that time, please mark it closed for now. Otherwise, I’ll update as soon as I have https set.

    Thread Starter david

    (@dskirk)

    Just a followup: I did get authority and set SSL to HTTPS and the security problem disappeared. Thanks for that tip. All is working well. Thanks for your help.

    hi

    I found the problem..
    The problem is in the comments feature
    Here is an example: go to this link
    https://darespana.ma/etudier-la-pharmacie-en-espagne/
    Then at the bottom click on login (it will redirect you to the admin page easily)

    Thread Starter david

    (@dskirk)

    A BIG thanks. That would indicate that I resolved my problem when I removed posts and the ability to comment, having nothing to do with the security of SSL. Have you posted this to the support forum? This is good to know.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘hackers get by the login easily’ is closed to new replies.