How can someone try to sign in without the login page?

  • Resolved LesTexas60

    (@lestexas60)


    2 years, 5 months ago

    I have used this plugin on a number of sites. I have liked it because of tghe added security. I also use a login security that only lets someone attempt to login a few rimes until they are locked out. I keep getting email reports telling me that the site was locked to a certain IP address after a number of attempted logins. Question: If the person trying to sign in doesn’t have the login page, how can they attemp to login at all? Is there a flaw or a way users can get around this plugin and try to login to the WP website through a different page than the one defined in this plugin? The other plugin is Limit Login Attempts Reloaded Plugin. Just looking for a clarification.

    • This topic was modified 2 years, 5 months ago by LesTexas60.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support MaximeWPS

    (@seinomedia)

    Hello,

    Thanks for using WPS Hide Login.

    If visitors can sign in, there’s a public signin forl on your WordPress. Then, any robot can find it. WPS Hide Login only let you hide wp-login.php page, not any signin form or page you could create in the front of your website.

    I’m seeing this as well where after the WPS Hide Login plugin is installed, I am still seeing an odd and concerning number of attempted logins. I built these sites from scratch and I don’t know of another login page or admin url.

    In testing both display a 404 message so the plugin appears to work as expected. Makes me wonder also if there is a back door that doesn’t use a page but can script through to log in or if the bots are quickly finding these hidden pages.

    As far as we know, is there or is there not some other way to login that isn’t specifically a “page”? If not do we know how bots are quickly (within less than a day) locating the hidden URL (and I’m using very random un-guessable strings for the URL).

    From there my big question is what’s next? I hope we discover something that lets me limit the brute force login attempts so I don’t need to load up on more plugins. – thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How can someone try to sign in without the login page?’ is closed to new replies.