Preventing redirect of wp-login.php to actual login page

  • Before I present my issue, here’s the background on the website that I’m referring to.

    I have WordPress installed on domain.com/folder but with the usual .htaccess stuff, visitors just type in domain.com and they see the site. Now this website allows login from the members of the organisation, which allows to be view pages exclusive to members. Some members also have access to certain functionality using the admin dashboard (e.g. creating posts, pages). The reason I’m saying is to establish that I cannot put a blanket lockdown on the login.

    The site has recently undergone a brute force attack on wp-login.php but this looking at the logs, it was trying to reach domain.com/wp-login.php which, due to WordPress default behaviour, automatically redirects to domain.com/folder/wp-login.php.

    How can I prevent this direct access to domain.com/wp-login.php AND if I can’t, how can I stop it from redirecting to domain.com/folder/wp-login.php?

    I suppose I’m okay with a blanket lockdown on domain.com/wp-login.php access but would very much like to keep domain.com/folder/wp-login.php working when the users (i.e. members) who need to access it, can, which they do so now by clicking on a link from the home page.

Viewing 1 replies (of 1 total)

  • Try security plugins like Wordfence. The plugin blocks repeated login attempts from same IP address.
    There is free version available.

Viewing 1 replies (of 1 total)
  • The topic ‘Preventing redirect of wp-login.php to actual login page’ is closed to new replies.