How block REST API Handbook

4-I used the Rename Login Page and hacker could find the URL ! and I changed my strategy to Cookie Based Brute Force Prevention but the hacker could find the URL again , How ???

5-I fixed the Number 1 by installing Disable REST API

• This reply was modified 3 years, 6 months ago by raha1988ab.

Hi
@mbrsolution

Would you please help me ?

Hi,

4-I used the Rename Login Page and hacker could find the URL ! and I changed my strategy to Cookie Based Brute Force Prevention but the hacker could find the URL again , How ???

Try the following documentation.

https://mbrsolution.com/wordpress/aiowps-plugin-pingback-protection-settings.php

Let me know if the above helps you.

Thank you.

Hi

1-I’m using your plugin more than 3 years and its very nice but I couldn’t config that to hide the information of my user to hackers. even when I disabled the rest api

site.com/wp-json/wp/v2/users
/wp-json/wp/v1/users
/wp-json/wp/v3/users

In Wordfence free version it is automatically block that code.
Would you please help to block this code to hiding my information from hackers???

2-The google recache v3 dos not supported by yours?

3-I did what was that document said and Now I get this : XML-RPC server accepts POST requests only.

A-I removed your plugin
B-I removed your plugin table with advanced-database-cleaner-pro
C-I installed again your plugin
D-I changed the settings but it still show me the XML-RPC
Now what should I do?

• This reply was modified 3 years, 6 months ago by raha1988ab.

Hi, did you follow my documentation above? If you did and you are still having this issue, what type of server is your site hosted in? Who is your host? Have you been in contact with your host about this issue?

Regards.

Hi
You were right, it was caused by CyberPanel that I’m using it,
https://forums.cyberpanel.net/discussion/1399/tutorial-how-to-block-xmlprc-php-in-ols
With that I could fix that problem but still hackers find my login url and I have no registration form or any subscribers
No Idea how to fix that…

Hi, what happens when you type an incorrect login URL. What error message do you receive?

Also, are you saying people are discovering your secret login URL?

Thank you.

Hi
I don’t know why I’m not receiving email of logs, changes, backup of database, attacks …
I changed the url to Cooke based and this is it:
https://mysite/?ZIPpar99khulujackSK57YPErop8FRUITY86EP=1
But I see in our logs that belongs to last night and there were some users try to login the site…

Hi, what happens when you type an incorrect login URL. What error message do you receive?

Now I set the failed login to redirect 127.0.0.1

Also, are you saying people are discovering your secret login URL?

Yesssss!
My question is how they found our secret login URL?

Hi,

My question is how they found our secret login URL?

I would get in contact with your host. Something in your site or server might be causing this issue.

Kind regards.

Hi
I have exclusive server and runing the CyberPanel contrpl panel that is free and powerfull.
If anything I can ask form theme , Please tell me.
Thanks

Today I tried to add some widget in my sidebar and The litespeed show me the error, After disabling your plugin, the problem was gone.
Do you want I give you an access to host that you can test it?

Hi, the plugin developers will investigate further your issue.

Thank you.

Hi and thanks for attention and your support
The litespeed problem in widget is https://snipboard.io/Tneoj0.jpg
and will solve when I remove the All In One WP Security & Firewall
Thanks

Hi
I read all documents in this link
https://mbrsolution.com/wordpress/all-in-one-wp-security-and-firewall-plugin.php
But there was problem, the comment was closed, So I ask here

What is the maximum time for these in plugin settings:
User Login -> Login Lockdown Configuration -> Login Retry Time Period (min)
User Login -> Login Lockdown Configuration -> Time Length of Lockout (min)

in locked IP addresses, I have 3 issue, first there is no option for exporting the logs, and no option to add all of the ip or selected to add in permanent black list, and after many failed login attempt , I saw there was 56 logs of ip address, I put all of them in black list, but I don’t know why after an hour the number of those list was decreasing!

Would you please help me ?
Thanks

• This reply was modified 3 years, 5 months ago by raha1988ab.

Hi,

Login Retry – 5 Minutes
Time length of lockout- 60 Minutes

Regarding the locked IP addresses, you can block them by adding them to the Blacklist Manager. The reason for the decreasing is probably because they have met the Time length of Lockout criteria (maximum 60 minutes), after which the logins are no longer blocked.