Hackers still finding URLs

  • Resolved jodani

    (@jodani)


    8 years, 1 month ago

    Hi

    I have the free version installed and I have the admin and login URL changed. I have been under a hack attack EVERY DAY, and as a result I keep changing the 2 URLs but it makes no difference. The last 3 attacks are from the following IPs.

    185.8.238.42 admin (1 lockout)
    94.23.250.115 ***** (1 lockout)
    46.118.155.228 ***** (1 lockout)

    What bothers me is that they keep finding the “hidden” URLs for the login and they even have the correct login name (hence the ***s above). Each time I change the URLs I test and get the anticipated 404.

    Please help – since the only thing stopping the hackers getting in at this point is the number of WP retries feature.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author John Darrel

    (@johndarrel)

    Hi,

    Please change both admin and login paths with personal names.

    admin and login paths are used by hacker bots for brut force attacks.

    Are you using Hide My Wp PRO? The current free version only hides the admin and login paths to see if the product is compatible with your WordPress.

    To hide all the URLs you need to activate the Ninja mode and the plugin will hide all the paths from your website.

    We are woking to add more features in the free version as well.

    John

    Thread Starter jodani

    (@jodani)

    Hi

    I have changed both admin and login paths to various names to confuse hackers and it makes no difference. They still find my page and attempt to logon.

    Regarding your response: The current free version only hides the admin and login paths to see if the product is compatible with your WordPress.

    You have got to be joking! You mean that your plugin actually doesn’t do anything except check for compatibility. How about stating that up front in HUGE letters on the WP page for your plugin. Just cannot believe that what you say is correct!

    Your PRO version may be good – but having a free version that only checks for compatibility is a real cheap shot.

    Plugin Author John Darrel

    (@johndarrel)

    The free version changes and hides the admin and login paths as it says. But also it helps you to find out if there are not conflicts between Hide My WP and the current theme you use or other plugins you’ve installed.

    The free version doesn’t hide all the paths on your website and if a bot is looking for other patterns it might find out that you are using WordPress.

    John

    Thread Starter jodani

    (@jodani)

    If what you say is correct – could you please provide some information about the following:

    I have changed the admin and login URLs a number of times. When I test the plugin by manually typing in the normal WP URL (e.g. https://mysite/wp-admin) I get the desired result, i.e. 404.

    However, even right now (after changing the URLs and testing), my site is being attacked every 20 minutes from Russian IPs. My question is:

    How is it possible for these guys to actually find the URL in the first place? Is there something somewhere that gives them some indication – because it no longer makes sense. Is this a possibility with the free version?

    Plugin Author John Darrel

    (@johndarrel)

    Seem that accessing some of your paths will redirect the user to the new login URL.

    Please send me your site URL to [email protected] and I will look into it.

    Best,
    John

    Plugin Author John Darrel

    (@johndarrel)

    Hi,

    Upgrade to the last version. We made it more secure against bot attacks.

    Regards,
    John

    Thread Starter jodani

    (@jodani)

    Hi

    Will do. If I have any further issues I will let you know.

    Many thanks

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Hackers still finding URLs’ is closed to new replies.