Hacker still finding way to attempt login

Do you have the latest version installed? I get a 404 page for wp-admin, but in the most recent versions this is a wp_die message…
Are there any links to the login page on the website?

It can also depend on what the new url is. if it’s ‘login’ or ‘manage’ or something similar, it’s easy to guess.

Ah, okay, you’ve installed under /new.

Yes, it’s the latest: 2.1.1. And the login URL is 15+characters, almost impossible to guess. I’m also using the Wordfence plugin and the Bulletproof Security plugin and I’m very pleased with those two, plus your rename plugin. I was just wondering if there might be some back door technique that might be exposed that I need to lock up. Any suggestions are welcome. Thanks. I’m not reporting a “problem” with the plugin; just looking for ideas. And I’ll close the topic after your response. Thanks, much.

Not any back door I know of. I’ll try to find your login page, but I don’t think I can.
This plugin does change all login links to the new one, including redirects, but it takes care of the ones coming from wp-admin, wp-login.php, wp-signup.php and wp-activate.php, by blocking those pages if it can, or not filtering. If the user shows any login links, that’s their choice.
There might be a link or a redirect I’m not aware of. Or maybe you have a password protected post somewhere.

I’ll mark this as ‘not a support question’ instead, but please do let me know if you found out more!

Okay, Thanks for your thoughts. I’ll advise if I uncover anything.
david

Same problem here. Did anyone ever find anything?

I’ve had no problems since then, but I did add this text to .htaccess:

# Throw out requests to the usual login addresses
RewriteCond %{REQUEST_URI} .*(wp-login.php|/login|/admin)$
RewriteRule (.*) https://%{REMOTE_ADDR}/$ [R=401,L]

However, I’m not fluent in hatccess so I’m not able to explain it – and I don’t know if it helped or not. I just know I’ve had no problems.

david