Did not help
-
Hello, there are still some external logins. How is this possible? I did exactly what you wrote.
https://www.ads-software.com/extend/plugins/stealth-login-page/
-
I’m confused as to how this plugin works.
My site is a private website which requires ALL users register and login.
Would this plugin prevent ALL users from logging in?
Jessie,
Thank you for creating the Stealth Login Page plugin! It seems to work when I test it. (And I SO want this to work!) However, after installing it, I still had someone get locked out by the “Limit Logins” plugin. From my (very) limited knowledge, that doesn’t seem possible. WP 3.5.1
Any thoughts or updates?
Same thing here – I’ve installed Stealth Login, created a “secret” login page but Wordfence is still locking out invalid users, which I assume to be bad bots. What’s going on?
Everyone please look at your server logs. Line up the IP addresses of those offenders and see what paths they used. If they are already IP-logged from before, it’s possible that the plugin is kicking them out before my plugin.
I’m using this on sites with both of the login attempt plugins I mentioned with just 1 lockout today on my most-visited site for attempting “admin.” I will check my logs if you check your logs.
Here are two of mine and they don’t make sense yet. I am investigating it with my fellow developers whom I trust to dig in with me.
88.230.88.135 https://www.petersenmediagroup.com – [11/Apr/2013:21:44:55 +0000] “POST /wp-login.php HTTP/1.1” 302 3889 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)”
88.230.88.135 https://www.petersenmediagroup.com – [11/Apr/2013:21:44:56 +0000] “POST /wp-login.php HTTP/1.1” 302 3889 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)”
88.230.88.135 https://www.petersenmediagroup.com – [11/Apr/2013:22:21:01 +0000] “POST /wp-login.php HTTP/1.1” 302 3888 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)”
88.230.88.135 https://www.petersenmediagroup.com – [11/Apr/2013:22:21:01 +0000] “POST /wp-login.php HTTP/1.1” 302 3938 “-” “Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 ( .NET CLR 3.5.30729; .NET4.0E)”
——
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:51:53 +0000] “GET / HTTP/1.1” 200 5675 “https://www.google.com/” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:51:53 +0000] “GET / HTTP/1.1” 200 5675 “https://www.petersenmediagroup.com/” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:51:53 +0000] “GET /wp-content/themes/minimum/images/logo-image.png HTTP/1.1” 200 3418 “https://www.petersenmediagroup.com/” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:51:57 +0000] “GET /wp-admin HTTP/1.1” 301 251 “-” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:51:57 +0000] “GET /wp-admin/ HTTP/1.1” 302 0 “-” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:51:57 +0000] “GET /wp-login.php?redirect_to=http%3A%2F%2Fwww.petersenmediagroup.com%2Fwp-admin%2F&reauth=1 HTTP/1.1” 302 3026 “-” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:52:01 +0000] “GET / HTTP/1.1” 200 5675 “https://www.google.com/” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:52:02 +0000] “GET / HTTP/1.1” 200 5675 “https://www.petersenmediagroup.com/” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:52:22 +0000] “POST /wp-login.php HTTP/1.1” 302 1576 “https://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:52:43 +0000] “POST /wp-login.php HTTP/1.1” 302 1576 “https://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:53:02 +0000] “POST /wp-login.php HTTP/1.1” 302 1575 “https://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:54:36 +0000] “POST /wp-login.php HTTP/1.1” 302 1600 “https://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
76.253.78.54 https://www.petersenmediagroup.com – [12/Apr/2013:02:55:13 +0000] “POST /wp-login.php HTTP/1.1” 302 1578 “https://brokencatholic.com/wp-login.php?redirect_to=http%3A%2F%2Fbrokencatholic.com%2Fwp-admin%2F&reauth=1” “Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.43 Safari/537.31”
Brandon Kraft and I figured it out. It would appear that bots can attempt to POST the login form credentials via the address bar, never actually gaining access to the login page.
This illustrates that it is still important to have a strong login and to continue to use login limiting plugins, so Stealth Login Page is one of a 3-prong approach.
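The log check requested earlier in this thread, as an added example that is not part of the original posts or of the plugin: it groups login POSTs by IP address and counts those sent by a client that was never served the login form. It assumes the access-log layout quoted above, lines in chronological order, and that a 200 response to a GET of `/wp-login.php` means the form was served; the function name and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout quoted in the thread:
# ip vhost - [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ - \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)
# Logs pasted through a web page pick up typographic quotes and dashes; undo that.
TYPOGRAPHIC = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2013": "-"})


def direct_login_posts(lines, login_path="/wp-login.php"):
    """Per IP: login POSTs seen, and how many came before any served login form."""
    served_form = set()  # IPs that received a 200 for a GET of the login form
    stats = defaultdict(lambda: {"posts": 0, "direct": 0})
    for raw in lines:
        m = LINE_RE.match(raw.translate(TYPOGRAPHIC).strip())
        if not m or m["path"].split("?", 1)[0] != login_path:
            continue  # unparseable line, or not a login request
        if m["method"] == "GET" and m["status"] == "200":
            served_form.add(m["ip"])
        elif m["method"] == "POST":
            stats[m["ip"]]["posts"] += 1
            if m["ip"] not in served_form:
                stats[m["ip"]]["direct"] += 1
    return dict(stats)


# Constructed sample lines (documentation IP ranges, example.com), not from the thread.
T = "[11/Apr/2013:21:44:5%d +0000]"
SAMPLE = [
    '203.0.113.10 https://www.example.com - ' + T % 1 + ' "POST /wp-login.php HTTP/1.1" 302 3889 "-" "Mozilla/5.0"',
    # Same client, line mangled with typographic quotes and an en dash.
    '203.0.113.10 https://www.example.com – ' + T % 2 + ' “POST /wp-login.php HTTP/1.1” 302 3889 “-” “Mozilla/5.0”',
    # Client is redirected away from the form (302) and POSTs anyway.
    '198.51.100.7 https://www.example.com - ' + T % 3 + ' "GET /wp-login.php?redirect_to=%2Fwp-admin%2F&reauth=1 HTTP/1.1" 302 3026 "-" "Mozilla/5.0"',
    '198.51.100.7 https://www.example.com - ' + T % 4 + ' "POST /wp-login.php HTTP/1.1" 302 1576 "-" "Mozilla/5.0"',
    # Client that was served the form before posting.
    '192.0.2.44 https://www.example.com - ' + T % 5 + ' "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '192.0.2.44 https://www.example.com - ' + T % 6 + ' "POST /wp-login.php HTTP/1.1" 302 1600 "https://www.example.com/wp-login.php" "Mozilla/5.0"',
    '192.0.2.44 https://www.example.com - ' + T % 7 + ' "GET / HTTP/1.1" 200 5675 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, counts in direct_login_posts(SAMPLE).items():
        print(ip, counts)
```

IPs with a non-zero `direct` count match the pattern described above: credentials posted straight to `/wp-login.php` without the form ever being loaded, which is why a login limiter still records them.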
OK, makes sense. Thanks for the effort and research. Appreciate your help in making the WordPress community more secure.
It’s my pleasure. I’m a stickler for security and wanted to share this beyond my own clients who are on my host.
I will be working with some other developers to see if there is a way to kill that method entirely. Then it will be an ultimate security method.
THANK YOU! I have to say, the day after installing your plugin, the number of alerts I received from Wordfence dropped dramatically. I’m glad you guys were able to figure out why there were still some sneaky little buggers trying to gnaw their way in – KUDOS to you guys!
- The topic ‘Did not help’ is closed to new replies.