Hackers locked out when using “hide backend”-feature.

  • This weekend someone has been trying to login several times to one of my sites using my custom admin name and custom login url. I am using the “Hide Backend” feature, but still some hacker was able to find this url. They might have been able to figure out my admin name since I hadn’t used the “Admin User”-feature: An advanced tool that removes users with a username of “admin” or a user ID of “1”.

    I got several e-mail notifications that some hacker has been using my admin name to log in and has been locked out. However, I can’t ban their IP since that information is not available either in the e-mail notifications or the security dashboard on the site.
    I would really like to be able to ban their IP’s.

    Also, I enabled the automatically ban users that log in as admin, but they only get a lockout – not a ban.

    Dear Site Admin,

    A user, “My-secret-custom-admin-name”, has been locked out of the WordPress site at https://exampledomain.com due to too many bad login attempts.

    The user has been locked out until 2016-11-26 08:54:20.

    To release the lockout please visit the lockouts page.

    Dear Site Admin,

    A host, 180.254.142.166, and a user, admin, have been locked out of the WordPress site at https://exampledomain.com due to user tried to login as “admin.”.

    The host has been locked out until 2016-11-26 13:22:26 and the user has been locked out until 2016-11-26 13:22:26.

    To release the lockouts please visit the lockouts page.

Viewing 1 replies (of 1 total)

  • I have the same problem at 3 of my websites.
    I’m also using the hide backend feature from the ithemes security plugin.
    Every week I get some mails that someone has been locked out.

    Is nobody here to unswer this question since 2 month???

    Andreas

Viewing 1 replies (of 1 total)
  • The topic ‘Hackers locked out when using “hide backend”-feature.’ is closed to new replies.

Tags