• Resolved bracked

    (@bracked)


    One of my websites has been under sustained brute force attacks for a few days now. Whenever I block the IP the attacks are coming from, it starts again from a new address.

    I tried activating this plugin in order to change the URL for both /wp-admin/ and /wp-login.php. After changing both to custom values, the attacks continued (logged with Sucuri).

    I was expecting the attacks to stop once the login URL was changed, as the attacker shouldn’t even know where the admin portal is located, however they have continued unabated.

    Do you know how this might still be happening? Is it possible for an attacker to “find” the new custom admin URL that I created?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor Maya

    (@tdgu)

    Did you also block the default wp-admin and wp-login.php?

    Does the attacker brute force on default URLs on new login? If this happens, the login/admin might be available on your front html, check on that.

    There is no way for someone to “find” the new admin/login URLs unless they are outputted on front html by the theme or a plugin.

    If you think we can assist further, feel free to contact us at https://www.wp-hide.com/

    Thread Starter bracked

    (@bracked)

    I think I figured out what was happening. I figured out the attacker was accessing the xmlrpc.php file in the root WordPress directory. I think this let them get around the login URL entirely.

    • This reply was modified 6 years, 7 months ago by bracked.
    Plugin Contributor Maya

    (@tdgu)

    You can disable the service or even block that file, see our plugin options.

    Thread Starter bracked

    (@bracked)

    Thanks. After disabling the file with your plugin, and blocking the IP address in Wordfence, I haven’t seen any more access attempts as of now.

  • The topic ‘Can Login URL Be Determined While Using This Plugin?’ is closed to new replies.
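
An added example, not part of the thread or the plugin's code: a check over web server access logs for the situation discussed above, where login attempts keep arriving from changing IPs after the login URL has been moved. It assumes Apache/nginx "combined" log format; the log lines, addresses and the `/my-secret-login` path are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges, hypothetical custom login path).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2019:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2019:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2019:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2019:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2019:10:00:05 +0000] "POST //xmlrpc.php?x=1 HTTP/1.1" 200 403 "-" "Mozilla/5.0"
192.0.2.99 - - [12/Mar/2019:10:00:06 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"
192.0.2.99 - - [12/Mar/2019:10:00:07 +0000] "POST /my-secret-login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is not a log entry
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Default WordPress endpoints that accept a username and password.
AUTH_ENDPOINTS = ("/xmlrpc.php", "/wp-login.php")

def normalize(path):
    # Drop the query string, collapse repeated slashes, lower-case.
    return re.sub(r"/{2,}", "/", path.split("?", 1)[0]).lower()

def auth_post_summary(log_text):
    """Per default auth endpoint: POST count, source IPs, response status counts."""
    summary = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, raw_path, status = m.groups()
        path = normalize(raw_path)
        endpoint = next((e for e in AUTH_ENDPOINTS if path.endswith(e)), None)
        if method != "POST" or endpoint is None:
            continue
        entry = summary.setdefault(endpoint, {"posts": 0, "ips": set(), "statuses": Counter()})
        entry["posts"] += 1
        entry["ips"].add(ip)
        entry["statuses"][int(status)] += 1
    return summary

def still_served(summary):
    """Endpoints where at least one POST received a non-error (<400) response."""
    return sorted(e for e, s in summary.items() if any(c < 400 for c in s["statuses"]))

if __name__ == "__main__":
    report = auth_post_summary(SAMPLE_LOG)
    for endpoint, s in sorted(report.items()):
        print(endpoint, s["posts"], "POSTs from", len(s["ips"]), "IPs", dict(s["statuses"]))
    print("still served:", still_served(report))
```

An endpoint listed by `still_served` is one the server still answers at its default location, so moving the login page has not closed it.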