wp-login.php still active

  • Resolved thowden

    (@thowden)


    7 years, 7 months ago

    Hi

    I have installed WP Cerber and it looks like it should do what it says on the box.

    I have set “Block direct access to wp-login.php and return HTTP 404 Not Found Error” as checked and created an alternate URL for my login page.

    Attempting to access /wp-admin.php or /wp-login.php or /wp-admin all get the 404 error page.

    So why is there so much email noise from WP Cerber telling me that there are Increasing Lock-outs, when I was expecting that attempts to access the above would go to a 404 page and not actually get to try and login with a username ?

    Thanks

    Tony

Viewing 1 replies (of 1 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    1. On the Activity tab check URLs for those attempts to log in.
    2. If you have not blocked XMR-RPC on the Hardening tab, bots/hackers cat try to use XML-RPC interface to log in. Disable it if you don’t need it.

Viewing 1 replies (of 1 total)
  • The topic ‘wp-login.php still active’ is closed to new replies.