sduk

@wpsolutions

Thank you – It’s now sorted!

Hi, we have the same issue on one of our sites.

One sites server does not support the Brute Force Cookie Prevention feature, so we used the Rename Log-In Page feature.
We can log-in to this site and everything works fine.
The theme used is MyStile for this site.

The other sites server DOES support the Brute Force option, which we enabled. At first the log-in worked fine (3-days ago) but today when I try to log-in via the new page I can’t!
What actually happens is the log-in URL is reported in the address bar of the browser but all we see is the front end of the site just as if we had gone to the URL.
This is a bespoke theme written by an individual company.

How do we log-in without having to disable the plug-in via PHPAdmin?

Hi mbrsolution,

I haven’t used the WHOIS because the IP address used changes every time and at last count, 2,500 IP addresses would take too long to check them all!
Thankfully, whomever it was has decided to give up for now.
Thanks for your assistance.

Hi mbrsolution,

Thanks for the response and link. None of them really helped!
I had backed up the site prior to installing your plug-in, so I just re-installed the back-up after disabling your plug-in.

I re-installed your plugin and only set up basic, intermediate and a couple of advanced options.
The problem with Page Not Found has gone but unfortunately the person trying to hack our site continues to do so every minute or so!
They are using different IP’s so probably using a TOR derivative of some sorts.
We have a fixed IP address, so I tried the white list option but still the hacker/s keep trying!
I even set-up a new log-in page but to no avail!!!!

I will just have to hope they run out of IP addresses to attack from! But that is highly unlikely.
I can’t use the Cookie Based Brute Force Login Protection because the site fails the Perform Cookie Test button!
Currently at 1,547 locked IP addresses in the last day. At least they’re blocked until the year 3915!!!!