Brute force

  • Resolved PaulH

    (@phdesignsuk)


    4 years, 12 months ago

    Can you please tell me how someone can find the login page of my website 10 minutes after enabling the cookie based brute force option with a random string of 25 characters as the link extension?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    Can you please tell me how someone can find the login page of my website 10 minutes after enabling the cookie based brute force option with a random string of 25 characters as the link extension?

    They might be targeting the following file xmlrpc.php. This file can be found in the WordPress root directory of your website installation. Enabling one of the following features should reduce the number of logging attempts.

    Completely Block Access To XMLRPC:
    Disable Pinback Functionality From XMLRPC:

    The above features can be found in WP Security -> Firewall -> Basic Firewall Rules.

    Let me know how you go.

    Thank you

    • This reply was modified 4 years, 12 months ago by mbrsolution.

    @phdesignsuk and @mbrsolution
    I found the login url widely show when using in the browser addressfield :
    view-source:https://mydomain.com/wp-admin
    about lines 255 and 279
    This happens when you first configured a login url and after that disabled this function.
    After enabling this function your login will not be visible again.

    Enable Rename Login Page Feature: V Check this if you want to enable the rename login page feature

    • This reply was modified 4 years, 11 months ago by webitman.
    Plugin Contributor mbrsolution

    (@mbrsolution)

    @webitman, please can you start a new support thread.

    Thank you

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Brute force’ is closed to new replies.