Many, many attempts to hack login.php

  • MikeHarrison

    (@mikeharrison)


    12 years ago

    According to server stats, there are many, many requests for my login.php and, lately, they all seem to come from the same ip address. I’m guessing these are attempts to hack my site. Even though I have good security measures in place, is there a way to completely prevent any ip except my own from even accessing login.php? These repeated page requests are logging an awful lot of time.

    I’m hoping the contents of my directories are not accessible, so is it possible to change the name of wp-login.php to something else?

    Thanks!

Viewing 7 replies - 16 through 22 (of 22 total)
  • compositelitmus

    (@compositelitmus)

    @mickeyroush

    1. Is it less monitoring and simpler to make the site https by putting in an SSL? I understand there are some cheap SSL out there that cost only about $13.
    2. The measures discussed here – will employing them on https site complicate things or make it extra protection?

    MickeyRoush

    (@mickeyroush)

    @ compositelitmus

    1. SSL only encrypts your site and is usually used to protect any sensitive data being transferred like passwords, etc between the client and host.

    2. The measures mentioned here should not conflict with using SSL.

    compositelitmus

    (@compositelitmus)

    @mickeyroush

    I haven’t got to the point that I need to handle hackers. I will keep all this information, in case I need it someday.

    Thanks!

    I’m late to the discussion but didn’t see that anyone above had suggested this. I’ve installed the betterwpsecurity plugin and activated the standard ban list as well as specifically banning ip addresses that repeatedly get locked out for 404 errors – most of which are attempting variations of login or admin files. Sometimes blocking multiple variations from the same region of China gets old but at least I know I’m secure. One hacking in a lifetime was enough! It’s worth the effort to explore that particular plugin.

    Best think is to use hard passwords and updated WP. other then that i also tried blocking IP, some plugins but none work so far for some reason. so learn living with it may be..

    Thread Starter MikeHarrison

    (@mikeharrison)

    Since creating this thread, I’ve since installed BOTH Better WP Security AND Bulletproof Security. Bulletproof Security solved my problem forever by giving me code to customize my root .htaccess file, preventing login by anyone except me.

    Haven’t heard of BPS but it looks promising as well. I’d love on one install to quit having to ban the same range IP addresses from the same three cities in China every week…

Viewing 7 replies - 16 through 22 (of 22 total)
  • The topic ‘Many, many attempts to hack login.php’ is closed to new replies.