Failed Logins – Show Login URL?

  • Resolved newtechweb

    (@newtechweb)


    7 years, 10 months ago

    We’re using “Rename wp-login.php” to change the login URL. And we’re using the Sucuri plugin to send an e-mail alert every time there’s a login, successful or failed. We’re receiving dozens of failed login notifications every day, even though the login URL is NOT the default (“wp-admin”) and is not linked to from anywhere in the website. How are the bad guys finding the login URL?

    It would be helpful in the Sucuri “Failed Logins” log to show the URL where the attempted logins took place. Is there any way to display that? (The “Username” and “IP address” fields in the attempted login list doesn’t help us know what URL they were using in attempting to login.)

    In the “Last Logins: Settings: Alerts” section I see we can use the pseudo tags to add information to the e-mail alert subject line. Is there a pseudo tag list somewhere? Is there a pseudo tag for “login URL”?

    Thanks

Viewing 1 replies (of 1 total)

  • Hi newtechweb,

    I suggest checking your access logs to find out where the login attempts are really being made. You can limit access to the login with IP restrictions in .htaccess. The login attempts might also be coming through access of your xmlrpc.php file. Restricting access to xmlrpc.php can be a good idea. However, restrictions can break some plugins, like JetPack. So, be sure to test that.

    Another option is using a firewall to block system.multicall requests.

    The plugin’s login alert won’t give you the URL.

    Regards,
    Eve

Viewing 1 replies (of 1 total)
  • The topic ‘Failed Logins – Show Login URL?’ is closed to new replies.