Logouts when /wp-admin/ and wp-login.php is hidden, with random login URL

  • Resolved MamasLT

    (@mamaslt)


    7 years, 6 months ago

    Hello. Its really strange, but i have set the cerber to hide login features, with random 32 symbol login URL, and I get ridiculous amount of LOCKOUTS still. Any ideas HOW the lockouts are there, if there is no page to login for those bots?
    How do you deal with that and how does it even occur?
    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    You need to check these checkboxes in the Main Settings:

    1. Block direct access to wp-login.php and return HTTP 404 Not Found Error
    2. Disable automatic redirecting to the login page when /wp-admin/ is requested by an unauthorized request

    Finally, go to the Activity tab and inspect the URL field in the Event column. What URL do you see?

    Thread Starter MamasLT

    (@mamaslt)

    Hi. Yes those are all checked ok, just did not see teh URL before. It is main domain name, and 2 of its aliases with the end /xmlrpc.php e.g.
    domainname.com/xmlrpc.php

    They are trying to loging somehow with this url?

    Plugin Author gioni

    (@gioni)

    That’s easy. Go to the Hardening tab and check this:

    Block access to the XML-RPC server (including Pingbacks and Trackbacks)

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Logouts when /wp-admin/ and wp-login.php is hidden, with random login URL’ is closed to new replies.

Tags