• Resolved germars

    (@germars)


    I was having dozens of notifications about this site and another, so I’ve added this plugin to both, and while I get a page not found on this site, the other site says error 404. But the issue is, I’m still getting notifications that some people are finding the login page as they are trying to sign in (using admin).

    How can that be? And why does this site not go to a 404, which the other site does?

    I hope you can help sort this out.

    Thank you,

    Mary


Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author NicolasKulka

    (@nicolaskulka)

    Permalinks?

    And install plugin disable-xmlrpc

    Thread Starter germars

    (@germars)

    I’m asking you about your plugin and you are telling me to install another plugin? And what does your “Permalinks?” question mean?

    Thanks

    This *may* help (or may not)… I see similar activity on our site… I change the hidden Login URL setting in the WPS Hide Login dashboard… and within hours I get new notifications that someone is getting locked out for invalid login attempts.

    At first I thought this was due to the login url being exposed via some hack… but I found that *ALL* of our locked login attempts come in via xmlrpc.php calls.

    This means they did not find the hidden directory – they simply used the protocol to try and log in. This does not happen as often as the 404 hacks hitting the site looking to expose details.

    You can not allow xmlrpc – but then this *might* impact other plugins such as Jetpack.

    Lastly, I found this by looking thru our logs in the iThemes Security plugin.

    Hope this is a little helpful…
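The distinction drawn in the reply above (lockouts arriving through xmlrpc.php rather than through the hidden login URL) can be checked against a web server access log. This is an added example, not part of the original thread and not code from WPS Hide Login or iThemes Security; the log lines are constructed and the slug `my-hidden-login` is a hypothetical hidden login path.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/Nginx "combined" format (not from a real site).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2019:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/7.58"
203.0.113.7 - - [12/Mar/2019:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "curl/7.58"
198.51.100.9 - - [12/Mar/2019:10:02:10 +0000] "GET /wp-login.php HTTP/1.1" 404 1200 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2019:10:02:11 +0000] "GET /wp-admin/ HTTP/1.1" 404 1200 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2019:10:05:00 +0000] "POST /my-hidden-login/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2019:10:05:30 +0000] "POST //xmlrpc.php?x=1 HTTP/1.1" 200 403 "-" "curl/7.58"
192.0.2.44 - - [12/Mar/2019:10:06:00 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def classify(method, path, hidden_slug):
    # Normalise: drop query string, collapse repeated slashes, ignore case.
    clean = re.sub(r"/+", "/", path.split("?", 1)[0]).lower().rstrip("/")
    if clean.endswith("/xmlrpc.php"):
        return "xmlrpc" if method == "POST" else "other"
    if clean.endswith("/" + hidden_slug.strip("/").lower()):
        return "hidden-login" if method == "POST" else "other"
    if clean.endswith("/wp-login.php") or clean.endswith("/wp-admin"):
        return "default-login-probe"
    return "other"

def summarise(log_text, hidden_slug):
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path, _status = m.groups()
        counts[(classify(method, path, hidden_slug), ip)] += 1
    return counts

if __name__ == "__main__":
    for (kind, ip), n in sorted(summarise(SAMPLE_LOG, "my-hidden-login").items()):
        if kind != "other":
            print(f"{kind:20} {ip:15} {n}")
```

If the lockout notifications line up with `xmlrpc` rows and there are no unexpected `hidden-login` rows, the hidden URL has not been discovered and the attempts are coming in through XML-RPC.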

    Thread Starter germars

    (@germars)

    Thank you Steve @lbwordpress, I appreciate you taking the time to reply. Shame that the Author didn’t.
    I have about 60 sites and was only having issues with two of them (well, dozens of sign-ins all at once) and the plugin seems to have helped with one but not the other. I have Wordfence set so that they can’t sign in for 2 months if they are locked out but I was scratching my head too. I tried the .htaccess route, but that crashed the site.
    I will have to put up with it I suppose and keep an eye on those sites to be sure they are immediately updated.

  • The topic ‘login page still found’ is closed to new replies.