Viewing 4 replies - 1 through 4 (of 4 total)
  • @mrshort

    Most WP brute force attacks (BFA) are done accessing the WP Dashboard login page (wp-login.php). Using the Hide Backend feature helps against this type of BFA as long as the secret login slug is not exposed by the active theme used in your frontend website (login or register link).

    However there is another type of WP BFA which uses xmlrpc …(xmlrpc.php)
    It’s a bit trickier to protect against this type of BFA. And using the Hide Backend feature does not help against this type of BFA …
    You could disable xmlrpc from the iTSec plugin but that might also disable other WP functionality your website actually needs to function properly …

    dwinden

    Thread Starter mrshort

    (@mrshort)

    Ok thank you for this explanation dwinden! I completely disabled xmlrpc to see what this does… do you think I need to rename the Login Slug too?

    You’ll need to determine by what type of BFA your website is being hit.
    To do so you need to monitor/review the Apache log files.

    If the Apache logs show repetitive secret login slug POST requests, it’s a Login page BFA type. Apparently the attackers (botnet) use the secret login slug and you should change it.

    If the logs show repetitive xmlrpc.php POST requests, it’s an XMLRPC BFA type.

    Perhaps the logs even show both …

    dwinden
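The log review described in the reply above, as an added example that is not part of the original thread: it tallies POST requests to the secret login slug and to xmlrpc.php in Apache access-log lines. The slug `my-secret-login`, the threshold of 3, and the sample lines are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined log line: IP ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" \d{3} ')

def tally_posts(lines, login_slug):
    """Count POSTs (and distinct client IPs) to the login slug and to xmlrpc.php."""
    slug_path = "/" + login_slug.strip("/")
    clients = {"login": defaultdict(int), "xmlrpc": defaultdict(int)}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(2) != "POST":
            continue  # unparseable line, or a GET/HEAD that is not a login attempt
        ip = m.group(1)
        path = m.group(3).split("?", 1)[0].rstrip("/")  # drop query string
        if path == slug_path:
            clients["login"][ip] += 1
        elif path.endswith("/xmlrpc.php"):
            clients["xmlrpc"][ip] += 1
    return {kind: {"posts": sum(c.values()), "clients": len(c)}
            for kind, c in clients.items()}

def bfa_types(lines, login_slug, threshold=3):
    """Return which BFA types have at least `threshold` POSTs in the log."""
    tally = tally_posts(lines, login_slug)
    return sorted(k for k, v in tally.items() if v["posts"] >= threshold)

# Constructed sample lines (documentation IP ranges), not taken from a real site.
SAMPLE = [
    '203.0.113.5 - - [10/Oct/2016:13:55:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2016:13:55:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2016:13:55:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2016:13:55:09 +0000] "POST /my-secret-login HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Oct/2016:13:56:00 +0000] "GET /my-secret-login HTTP/1.1" 200 2710 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Oct/2016:13:56:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(tally_posts(SAMPLE, "my-secret-login"))
    print(bfa_types(SAMPLE, "my-secret-login"))
```

The distinct-client count helps separate a single noisy host from a botnet spread over many addresses; a single legitimate login also shows up as one POST to the slug, which is why a threshold is applied.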

    @mrshort

    If you require no further assistance please mark this topic as ‘resolved’.

    dwinden

  • The topic ‘Hidden backend discovered?’ is closed to new replies.