• Resolved The Tshirt Guy

    (@ksteinmann)


    I’m one of the most ardent fans of this plugin, I think. I believe it is AWESOME, and I don’t hesitate to tell people so. However, I’m seeing something new that concerns me.

    A few weeks back, I noticed that we were getting regular hack attempts, despite the fact that we were using the same set of features on AIO that had worked flawlessly for a long time. The only major thing that we weren’t doing was using a unique login URL. So, we went to that.

    The hack attempts seemed to stop… until a few days ago. Then, all of a sudden, they were back again. It’s probably a bot, as the attempts are regular and fall outside the lockout window. So far, they’re just attempting to use “admin.” This, of course, is fruitless, since nobody using AIO would use “admin” as an ID. Anyway…

    Is it possible AIO (or WP itself) is somehow “leaking” the secret URL? The reason I ask is because we no sooner changed the secret login URL again last night, than within hours we were getting the same kind of hack attempts.

    Here’s a screenshot: https://www.dropbox.com/s/r7zgf0d4rvgwype/Voila_Capture%202014-11-02_03-28-07_PM.png?dl=0

    I could use some help, guidance, suggestions, etc.

    Thank you!

    — Karl

    https://www.ads-software.com/plugins/all-in-one-wp-security-and-firewall/

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi Karl,

    Have you enabled the following features?

    If you have a static IP address and you are the only one that logs into your website, you could whitelist your IP address and/or those of others who log in. But remember, once you add any IP address to the whitelist, those will be the only IP addresses that will be able to log into your website.

    Also try enabling ping back protection if you haven’t done so yet.

    Regards

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi Karl,
    I think that your secret URL is NOT being compromised.
    The lockouts you are seeing are most probably caused by bots sending xml/rpc requests to your site. Within those requests they are including a username of “admin” together with a password.

    As mbrsolution has stated, you should enable the “pingback protection” feature which should stop these xml/rpc requests from bombarding your site.
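Added example, not part of the original thread or the plugin's code: a short script for checking the explanation above against your own access log, by counting login-capable POSTs per endpoint and the distinct source IPs behind them. The log lines are constructed, the combined log format is assumed, and the slug `my-secret-login` is a hypothetical stand-in for the renamed login URL.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/Nginx "combined" format (not from the thread).
SAMPLE_LOG = """\
203.0.113.5 - - [02/Nov/2014:15:01:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot"
198.51.100.7 - - [02/Nov/2014:15:06:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot"
192.0.2.44 - - [02/Nov/2014:15:11:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "bot"
192.0.2.10 - - [02/Nov/2014:15:12:30 +0000] "POST /my-secret-login/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Nov/2014:15:13:00 +0000] "GET /wp-login.php HTTP/1.1" 404 0 "-" "bot"
192.0.2.10 - - [02/Nov/2014:15:14:02 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# client IP, method, request path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def classify(path, secret_slug):
    """Map a request path to the endpoint that can carry a username/password."""
    path = path.split("?", 1)[0].rstrip("/")
    if path.endswith("/xmlrpc.php"):
        return "xmlrpc"
    if path.endswith("/wp-login.php"):
        return "wp-login"
    if path.endswith("/" + secret_slug.strip("/")):
        return "secret-url"
    return None


def summarize(log_text, secret_slug):
    """Count POSTs and distinct client IPs per login-capable endpoint."""
    posts, ips = Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path, _status = m.groups()
        kind = classify(path, secret_slug)
        if kind is None or method != "POST":
            continue  # only POSTs can submit credentials
        posts[kind] += 1
        ips.setdefault(kind, set()).add(ip)
    return {k: {"posts": posts[k], "distinct_ips": len(ips[k])} for k in posts}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "my-secret-login"))
```

If the failed-login timestamps in the plugin's log line up with `xmlrpc` POSTs and the `secret-url` row shows only your own addresses, the renamed login URL has not been found.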

    Thread Starter The Tshirt Guy

    (@ksteinmann)

    mbrsolution & wpsolutions – thanks for the prompt feedback and advice!

    It sounds like you have hit the nail on the head. I was allowing pingbacks and had no idea this could be causing the issue at hand. I’ve now implemented the pingback protection.

    I am greatly relieved to know that there is no “leakage” happening here! And… I learned something new today about WP security I did not know. Even better.

    If there are any further concerns, I will get back to you. If not, assume you have answered my question and solved the issue.

    Thanks again. Much!!!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi KSteinmann, that is great news.

    You may mark this support thread as resolved if you don’t need any further assistance.

    Thank you

    Thread Starter The Tshirt Guy

    (@ksteinmann)

    I think that did it, guys!

    No more hack attempts since I set the pingback protection.

    I really, really appreciate the fast help and support. I was mystified. It’s great to know you guys are on the ball!

    Rock on, and keep up the GREAT work!

    I’m getting the same types of hack attempts, repeated brute force attempts to log in as ‘admin’ from different IPs on each attempt.

    The ‘prevent pingbacks’ function is/has been active this entire time. So, apparently it’s not blocking the xml/rpc attacks you mentioned.

    Since ‘admin’ doesn’t exist we haven’t had to worry. But, it does give us the feeling that they have found our login form which should be ‘cloaked’ with the custom URL provision in AIO.

    I’m having the same problem and I do have “prevent ping backs” active. In fact, the only site I run that isn’t being attacked is the only one that I don’t use this plugin on. It’s also the only site that I have installed in a subfolder of the domain; i.e.: https://www.domainname.com/wordpress/

    In fact, I have never had any problems with this site getting hack attempts. Could the fact I installed it in a subfolder called “wordpress” be the reason it’s not getting attacked?

    Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi @simco and @gdaniels99,
    Both of you say that you have the “pingback protection” enabled, so I want to confirm something.
    Can you please try a quick test:
    using a browser, enter your site’s url followed by “xmlrpc.php” and let me know what you see.
    Example:
    https://www.yoursite.com/xmlrpc.php

    I get the following message:

    XML-RPC server accepts POST requests only.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi @gary D, please read the following thread. It might have the solution to your problem.

    Kind regards

  • The topic ‘Getting Attempted Hacks – Can't Figure Out How/Why!’ is closed to new replies.