domain URL/wp-login.php still shows

  • Resolved mwarbinek

    (@mwarbinek)


    11 years, 2 months ago

    I think this plugin is a great idea, it averts the need to constantly block IP’s. BUT…..

    A hacker still has access to the “wp-login.php” page with the standard login box.

    The plugin redirected any attempt for “domain URL/WordPress/wp-login.php” to a 404 page, BUT when the hacker changed the URL request to “domain URL/wp-login.php” he got access to the standard login page and even bypassed other security I had installed that was suppose to make the login page harder to use.

    I saw your post relating to MutiViews where you suggested to use “wp-login” instead of “wp-login.php” in the PHP file, so I went to the PHP file to edit it and the recent plugin version has “wp-login” already, so I changed it to, “wp-login.php” and it made no difference.

    Any suggestions?

    https://www.ads-software.com/plugins/rename-wp-login/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Ella

    (@ellatrix)

    Is WordPress installed under /WordPress? Could you share your site url so I can have a look? If you don’t like it being on the forum, just add the url and the remove it immediately after that by clicking ‘edit’. I get emails from this forum, so I’ll still have it.

    Thread Starter mwarbinek

    (@mwarbinek)

    I think its OK, now.

    The issue got resolved somehow when another security plugin rewrote my whole blog into a new install removing all blog entries (I do have backup).

    I also think that other security plugin named: “Acunetix Secure WordPress”, may have caused the issue I first wrote about.

    I tested it now, after rebuilding my site and works fine. Take a look at that other plugin, it is quite involved and can even rewrite ‘wp’ prefixes to WordPress files (which is what reinstalled my blog). I think its capabilities is what blocked your plugin.

    Anywho, its all working now and I will just be more careful with that other plugin.

    Thanks

    Thread Starter mwarbinek

    (@mwarbinek)

    Oh yea, if you still wish, my blog URL is: https://mormondirection.com

    Thanks

    Plugin Author Ella

    (@ellatrix)

    I’m not sure how a wp-login.php file ended up in the root if WordPress was installed in a directory /wordpress, but I’m glad it’s working for you now.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘domain URL/wp-login.php still shows’ is closed to new replies.