I’m seeing this as well where after the WPS Hide Login plugin is installed, I am still seeing an odd and concerning number of attempted logins. I built these sites from scratch and I don’t know of another login page or admin url.
In testing both display a 404 message so the plugin appears to work as expected. Makes me wonder also if there is a back door that doesn’t use a page but can script through to log in or if the bots are quickly finding these hidden pages.
As far as we know, is there or is there not some other way to login that isn’t specifically a “page”? If not do we know how bots are quickly (within less than a day) locating the hidden URL (and I’m using very random un-guessable strings for the URL).
From there my big question is what’s next? I hope we discover something that lets me limit the brute force login attempts so I don’t need to load up on more plugins. – thank you.
