Still have login attempts

I am also getting this problem, I’d like to know a solution that doesn’t disable XML-RPC

deleted, my suggestion dis not work!

What’s the best way to find if you’re using XML-RPC or not?

Thank you for the suggestions provided. It’s helped me. ??

Most likely if you don’t know if you’re using it or not, it means you’re not

Hi all, I hope this helps someone. Today I’ve noticed login attempts on two of my WP sites on two different servers, both with this great plugin installed. What I’ve found to be happening is that the attacker has hit mysite.com/wp-register.php (which isn’t in either file system) – this redirects them in the background to mysite.com/my-wps-hide-login-url and gives them the ‘registration disabled’ notice. As a quick fix I’ve created a blank wp-register.php in the root directories and just fired ‘exit;’ in it.

Just thought I’d mention it in case anyone finds it helpful.

Me too I now receive new login attempts warnings + when visiting wp-register.php, I get redirected to my hidden login page!
I’ve tried you fix sy2j and the redirection doesn’t occur anymore.
Let’s see if I don’t get more login attempts now.

Thanks ??

After 4 days, I didn’t get any login attempts ! Thanks sy2j ??

I installed this plugin and within 15 minutes of setting it up I had login attempt notices being mailed to me by my Sucuri Security. After reading this thread here it seems that not only do we have to install the plugin but we also have to modify our htaccess file and our wp-register.php file???

So then…what is the plugin good for then if it doesn’t handle this itself?

Looking for answers…thank you.

sy2j,
did you mean to type mysite.com/BLOG/wp-register.php ?
you said mysite.com/wp-register.php and that didn’t work for me.

Also, how do you “fire exit” in htaccess?

thanks.

Remy Perona, any update to the plugin to fix this issue?

Thanks.

bertarecchia,

The location of the wp-register.php file will be in whichever directory WordPress is installed, I would have thought. Mine was in the root folder but if you have WordPress installed so its home page is /BLOG then yes, that’s where wp-register.php should be.

The ‘exit’ command wasn’t in htaccess, it was in my blank wp-register.php. I’m not really good enough with htaccess commands to recommend you do something on my say-so, but I imagine Siteturner’s XML-RPC solution above would work for wp-register.php too.

OK… so this is what is happening with my site, but I do not know enough about programming/coding so I don’t entirely understand the fix. If someone can walk me through this I’d appreciate it. i’m starting to see an upswing of attempted logins again.

Hi TDRock,

You’ll need an FTP client and a text editor.

Once you have logged into your FTP server:

1) Go to /public_html/ if you have WordPress installed in your root folder. Or go to /public_html/wordpressinstall, where wordpressinstall represents whatever you named the subdirectory (folder) where you installed WP.

2) Find the .htaccess file.

3) Duplicate the file using your FTP client in case something goes wrong so you have a backup.

4) Right click and open the .htaccess file with your preferred text editor.

5) Copy and paste this code into the top of your .htaccess file

<Files "xmlrpc.php">
Order Allow,Deny
deny from all
</Files>

6) Save .htaccess file.

If you download the .htaccess file to your HDD before editing, you’ll have to re-upload via FTP to the appropriate place as outlined above.

If you are using Transmit FTP and CODA to make changes, saving right from CODA will automatically save the changes to the server so you won’t have to download/upload the file.

Hope this helps!

Thanks very much Angelalgibson! I shall give this a try ??

EDIT: Hmmmm…. I either missed a step or misunderstood or something because it’s not working for me thus far…

IF I do the steps listed above correctly, what should happen, exactly?

I have xml-rpc turned off (renamed the file). This works with all but one account. For some reason I still have one site that is able to get login attempts from Russia. Not sure how or where this is happening?

Just tried your solution sy2j. As you reported, typing sitename.com/wp-register was re-directing to my re-named login page and my site was continuing to get hammered by attackers. Will report back in a few days