“Lockouts increasing” warning with custom login page

  • Resolved PaulJBis

    (@pauljbis)


    7 years, 6 months ago

    Hello:

    I received today a lot of email warnings from WP-Cerber saying that “The number of lockouts is increasing”. The emails say that the reason for the lockout is that someone tried to log into my site using the “admin” username, which doesn’t exist.

    Here is the problem, though: I have set up a custom login URL, and I’m positive that I didn’t share it with anyone. Therefore, I’d like to know when do these lockouts and warnings get triggered: is it when someone tries to log in using my custom URL? Or do they get triggered too if someone tries to log in using the standard /wp-admin/ address? Because in the first case, it would mean that someone guessed my custom URL, but I find that impossible.

    Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    1. On the Activity tab check URLs for those attempts to log in.
    2. If you have not blocked XMR-RPC on the Hardening tab, bots/hackers often try to use XML-RPC interface to log in. Disable it if you don’t need it.

    Plugin Author gioni

    (@gioni)

    Please install the latest version and let me know if you need help.

    Thread Starter PaulJBis

    (@pauljbis)

    Hello:

    Thanks for your help and your follow-up. I installed version 5.1 a couple of days ago, and changed the login URLs again. Since then, I’ve seen a large number of login attempts using the XML-RPC interface, so I just disabled it…

    …*However*, I’ve also seen a few login attempts using the new URL, which I haven’t shared with anyone. In fact, I’ve logged into them using only my 2 computers at home, which I’m reasonably sure don’t have any malware in them. So I don’t really understand how the hackers are guessing the new URLs.

    What is XMR-RPC? If I blocked it does it have any effect on my website?

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘“Lockouts increasing” warning with custom login page’ is closed to new replies.