Site Lockout Notifications After Renaming Login Page

  • Resolved gfmin

    (@gfmin)


    7 years, 11 months ago

    I am using the “rename login page” feature in AIOWPS and yet somehow the login page is being used for several daily attempted logins. I have no idea how they are finding the page. I have tried and researched every scenario I can think of, even updating bad links and turning off “maintenance mode” (which was revealing an Admin button, revealing the renamed login page). The site is not yet “live” (the old HTML site is still active). The website is located at https://www.blessedhopechapel.org

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi,
    If you have hidden your login page then the chances are they have NOT found it, but instead they are probably targeting your xmlrpc file.

    Try activating the pingback protection features in the firewall rules which should put a stop to the login attempts. (NOTE: those features will only work if you have an Apache-type server installation)

    • This reply was modified 7 years, 11 months ago by wpsolutions.

    Is it possible to disable the ping back to the xmlrpc without effecting jetpack?

    Thread Starter gfmin

    (@gfmin)

    wpsolutions, thank you for your reply. I DO have “Disable Pingback Functionality From XMLRPC:” activated. However, I do NOT have “Completely Block Access To XMLRPC:” activated (as I may need this). I am receiving up to 50 login attempts a day and I have no idea how this is possible. I have almost every security measure running in AIOWPS.

    Thread Starter gfmin

    (@gfmin)

    BTW – I am on an Apache server.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Site Lockout Notifications After Renaming Login Page’ is closed to new replies.