• Resolved notmikelol

    (@notmikelol)


    Hello, I am having some problems with the login page change functionality.

    I use AIOS on all of my WordPress sites and have never had an issue until recently. In the past few months, login pages are being found despite the URLs being renamed. While I have temporarily changed to the cookie based lockdown, does anyone know what could be causing this? My configuration of AIOS is similar across sites (380+ score) and has been and continues to be an excellent security solution.

    Thank you in advance, and thank you very much to the developers. It is a superb plugin.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @notmikelol

    Do you have a multisite installation? If yes, we recently found one issue with the renamed login page being exposed, and the upcoming version of AIOS will have it solved.

    If you do not have a multisite installation, can you please let me know if you have any theme or plugin installed which has custom login functionality that might be exposing the renamed login page?

    Regards

    Thread Starter notmikelol

    (@notmikelol)

    Hiya, thanks for such a quick reply.

    No, none of the sites are multi sites.

    AIOS is the only plugin we use for security – no other plugins handle security, so I would tentatively rule out a plugin clash. All sites are running the latest WordPress and AIOS as of Monday 16th Oct.

    We use the REST API frequently (only GET requests), but this doesn’t appear to leak any data in terms of AIOS settings and we have not extended the API in any way. It would make no sense for that to ever be available on an endpoint anyways.

    Look forward to your response. Thanks again!

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi,

    Can you please share your site URL using https://pastebin.com/ ?

    (You may use the burn after read option.)

    Regards

    Thread Starter notmikelol

    (@notmikelol)

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @notmikelol

    If I cross-check your site, it redirects to 127.0.0.1, so it seems cookie-based brute force is on.

    Do you have both cookie-based brute force and the renamed login URL on?

    If possible, can you please share with me the secret word and the renamed login page? You can change both after sharing them on pastebin.

    I have copied your site with HTTrack copier so I can cross-check whether it is exposed anywhere.

    How did you come to know that the renamed login page is exposed? Do you have any invalid login attempts in the Audit log? If yes, the Audit log will have a stack trace which shows from where the user tried to log in.

    If you have invalid login attempts in the audit log, an XML RPC call of wp_getUsersBlogs is trying to authenticate the user. – WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC, Disable pingback functionality from XMLRPC. Please check both and Save.

    Regards
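
The XML-RPC point in the reply above, as an added example (not part of the original thread and not AIOS code): WordPress's xmlrpc.php accepts credentials independently of the login page, so renaming the login URL does not stop failed logins arriving that way. This Python script scans access-log lines, constructed here in combined log format, for POSTs to xmlrpc.php; reading status 200 as "served by WordPress" and 4xx as "refused by the block" is an assumption about how the server answers.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [16/Oct/2023:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Oct/2023:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Oct/2023:10:01:04 +0000] "POST //xmlrpc.php?x=1 HTTP/1.1" 200 674 "-" "Mozilla/5.0"
198.51.100.9 - - [16/Oct/2023:10:05:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "curl/8.0"
198.51.100.20 - - [16/Oct/2023:10:06:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"
192.0.2.44 - - [17/Oct/2023:09:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def is_xmlrpc(target):
    # Drop the query string and collapse repeated slashes before matching,
    # so "//xmlrpc.php?x=1" and subdirectory installs are still recognised.
    path = re.sub(r"/+", "/", target.split("?", 1)[0]).lower()
    return path.endswith("/xmlrpc.php")

def xmlrpc_posts(log_text):
    """Return {client_ip: Counter({http_status: count})} for POSTs to xmlrpc.php."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        if method == "POST" and is_xmlrpc(target):
            hits[ip][int(status)] += 1
    return hits

def summarize(hits):
    """Split per-IP counts into served (200) and refused (4xx) requests."""
    served = {ip: c[200] for ip, c in hits.items() if c[200]}
    refused = {ip: sum(n for s, n in c.items() if 400 <= s < 500)
               for ip, c in hits.items()}
    return served, {ip: n for ip, n in refused.items() if n}

if __name__ == "__main__":
    served, refused = summarize(xmlrpc_posts(SAMPLE_LOG))
    print("POSTs that reached xmlrpc.php:", served)
    print("POSTs refused with 4xx:", refused)
```

Served POSTs that line up in time with invalid-login entries in the audit log point to XML-RPC rather than the renamed page; after the block is enabled, the same clients should appear only in the refused set.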

    Thread Starter notmikelol

    (@notmikelol)

    Hi @hjogiupdraftplus

    Thank you ever so much for your assistance so far.

    Yes – I have enabled both recently. We usually don’t use the cookie based solution. https://pastebin.com/bkmnWipr

    Yes – I am aware of the login page being found due to failed/invalid login attempts.

    I had already disabled the pingback functionality but I have now ticked both. It would seem that the XMLRPC comes up in the stack trace so sounds like you may have located the issue?

    Thanks

    Thread Starter notmikelol

    (@notmikelol)

    Hi @hjogiupdraftplus

    It seems that XMLRPC was the issue and updating the settings like you recommended seems to have fixed it.

    Thank you for your assistance.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @notmikelol

    Glad to know the issue seems solved.

    Would you mind writing a quick five-star review on www.ads-software.com?

    https://www.ads-software.com/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post

    Reviews also help others to make confident decisions about our plugin.

    Thread Starter notmikelol

    (@notmikelol)

    @hjogiupdraftplus Just left a review. Really appreciate your help on this last week. All the best

  • The topic ‘Renamed login URL being found consistently’ is closed to new replies.