• Resolved uelmaree

    (@uelmaree)


    Hi there, I’ve got your plugin installed and it’s been a great help, so thank you.

    I’ve changed the login url to some random url but hackers are still finding it and trying to log in (I know because of failed-login-attempts being emailed to me).

    How are they finding the login page?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    They might be targeting the following file xmlrpc.php. This file can be found in the WordPress root directory of your website installation. Enabling one of the following features will help you even further.

    Have you enabled one of the following features? This is located in WP Security -> Firewall -> Basic Firewall Rules -> WordPress XMLRPC & Pingback Vulnerability Protection.

    Completely Block Access To XMLRPC:
    Disable Pingback Functionality From XMLRPC:

    Let me know if this helps you.

    Kind regards
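
An added example, not part of the original thread or the plugin's code: one way to check in the web server access log whether login attempts are arriving through xmlrpc.php rather than the renamed login page. The log lines are constructed samples in combined log format; the slug `my-secret-login`, the threshold and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2019:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2019:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2019:10:01:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2019:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 404 162 "-" "curl/7.58"
192.0.2.44 - - [12/Mar/2019:10:05:10 +0000] "POST /my-secret-login/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2019:10:05:12 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

# client IP, request method, request path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def classify(path, custom_slug):
    """Map a request path to the login entry point it exercises, or None."""
    path = path.split("?", 1)[0].rstrip("/").lower()
    if path.endswith("/xmlrpc.php"):
        return "xmlrpc"        # credentials travel inside the XML-RPC call
    if path.endswith("/wp-login.php"):
        return "wp-login"      # default login URL, renamed on this site
    if path.endswith("/" + custom_slug.lower()):
        return "custom-login"  # the renamed login page (assumed slug)
    return None


def login_posts_by_entry_point(log_text, custom_slug):
    """Count POST requests per entry point and client IP."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path, _status = m.groups()
        entry = classify(path, custom_slug)
        if method == "POST" and entry:
            counts[entry][ip] += 1
    return counts


def noisy_sources(counts, entry, threshold):
    """IPs with at least `threshold` POSTs to the given entry point."""
    return sorted(ip for ip, n in counts[entry].items() if n >= threshold)
```

If the failed-login emails line up with POSTs counted under `xmlrpc` while `custom-login` stays quiet, the renamed URL has not been discovered; the attempts are going through xmlrpc.php.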

    Thread Starter uelmaree

    (@uelmaree)

    Thanks for the reply. I don’t have either of those 2 options checked. I also don’t know much about them. Will checking ‘Completely Block Access To XMLRPC’ not cause the loss of functionality for some plugins etc?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, if you think some of your plugins use the xmlrpc.php file then try the following feature: Disable Pingback Functionality From XMLRPC. You only need to enable one of the two. Let me know if this helps you.

    Kind regards

    Thread Starter uelmaree

    (@uelmaree)

    How would I know if a plugin uses xmlrpc.php?

    Hello, if I may intrude on this, I have the same problem.
    Disabling Pingback from XMLRPC doesn’t seem to keep bots from finding the modified login address.
    I am wary of disabling XMLRPC completely because it’s given me problems on some websites.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    How would I know if a plugin uses xmlrpc.php?

    Find out from the developers of your plugins if the plugins require access to your site via the xmlrpc.php file.

    Kind regards

    Plugin Contributor mbrsolution

    (@mbrsolution)

    @brooner, can you start a new support thread? You can add a reference to this thread if you like.

    Thank you

    Thread Starter uelmaree

    (@uelmaree)

    So even with like 290 security score from your plugin + Cloudflare my site still got hacked yesterday and they added redirects to ad sites. I can’t even log in to dashboard.

    All look to be Javascript malware https://sitecheck.sucuri.net/results/accessibletravelclub.com

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Getting hacked is not something new. You can do your best to make it hard for hackers but at the end of the day some hackers still find a way.

    Even though a lot of effort has gone into developing this plugin to protect your site, sites might still get hacked. In that case the following URLs will help you. These are instructions provided by WordPress org support staff.

    My Site was hacked
    Hardening WordPress

    Let me know if the above helps you.

    Kind regards

    Thread Starter uelmaree

    (@uelmaree)

    Thanks for the reply and links.

  • The topic ‘How is custom login URL being found’ is closed to new replies.