Can Brute Force Attack Figure Out Wp Login URL After It’s Been Changed?

Viewing 3 replies - 1 through 3 (of 3 total)

  • There are other ways to brute force attack, such as xml-rpc, WP JSON API

    changing login url reduces the brute force attack attempts from lazy bot/hacker but it is not a login protection.

    Thread Starter Christopher Panny

    (@cpcreativestudio)

    So is there a way to put a cap on how many times a bot/hacker can try searching for the login page?

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Moved to Fixing WordPress, this is not an Everything else WordPress topic.

    If the wp admin login URL is changed (via plugin), can a bot or hacker figure out the new URL

    Yes, and the brute force part does not matter. Moving the login does not work ever because there are other ways to log in via XML-RPC, getting re-directed via admin URL attempts etc.

    Moving the login URL just makes your site unsupportable and had nothing to do with security. Use strong passwords and enable two-factor authentication via a plugin.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Can Brute Force Attack Figure Out Wp Login URL After It’s Been Changed?’ is closed to new replies.