Login URL changed, but still receiving brute force attacks

  • Resolved gardenfurnituresa

    (@gardenfurnituresa)


    8 months, 2 weeks ago

    Hello! Have been using this plugin for years and it has been working great, but I migrated my site last week and suddenly the plugin doesn’t seem to be working, receiving over 400 failed login attempt emails in 20 minutes’ time.

    I have always had the “Users must be registered and logged in to comment” unchecked as well as the ‘Anyone can register’. I do have the “Comment author must fill out name and email” checked, but like I mentioned before everything was working just fine for years on the current settings.

    I even updated the login URL but the hackers still seem to be finding my login URL somehow?

    I’m using Divi, WordFence, Site Kit, JoinChat and Yoast.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support MaximeWPS

    (@seinomedia)

    Hello,

    Thanks for using WPS Hide Login.

    Is the login page public ? Do you allow your users to log in by the comments area ?

    Is xml-rpc deactivated ?

    Thread Starter gardenfurnituresa

    (@gardenfurnituresa)

    Login page isn’t public. People can submit comments by filling in their name & email address but they cannot log in or register, those settings have always been disabled.

    Should xml-rpc be disabled?

    Plugin Support MaximeWPS

    (@seinomedia)

    Hello,

    Yes, xml-rpc must be disabled. It can be used to find your login URL. If any plugin requires this functionnality, disable it.

    Hi, I’m also seeing login attempts, but just a few, not hundreds, so likely a human rather than a bot. Login attempts are logged by our anti-spam plugin.

    We don’t have any users that can login except for myself, so the login page is not public. There is nowhere on the website where people can leave comments, there is just a simple contact page that uses WPForms Lite. I don’t know what xml-rpc is.

    Thread Starter gardenfurnituresa

    (@gardenfurnituresa)

    Hello @semoliner

    Here’s a great article explaining what xml-rpc is and how to disable it, my issue was solved as soon as I implemented it; https://kinsta.com/blog/xmlrpc-php/

    Here is another; https://www.hostinger.com/tutorials/xmlrpc-wordpress

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Login URL changed, but still receiving brute force attacks’ is closed to new replies.