New hack attempts

Hi @simco,
Ok thanks for that. This confirms my suspicions – ie, either the pingback protection is not enabled or that rule is not working on your server for some reason.

Can you please examine your .htaccess file and can you confirm if the following code is there or not?

#AIOWPS_PINGBACK_HTACCESS_RULES_START
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
#AIOWPS_PINGBACK_HTACCESS_RULES_END

Also please check if the “pingback protection” setting is actually enabled or not. If it is not enabled, you should enable it and it will stop those hack attempts you are currently seeing.

I’ve checked and double checked that pingback protection is enabled.
The rule in my .htaccess is:

#AIOWPS_PINGBACK_HTACCESS_RULES_START
<IfModule mod_alias.c>
RedirectMatch 403 /(.*)/xmlrpc\.php$
</IfModule>
#AIOWPS_PINGBACK_HTACCESS_RULES_END

@wothers,
That’s the old rule. We changed it in a recent release.
To get the new rule simply disable and then re-enable the “pingback protection” feature.
After you’ve done that, you can check the .htaccess file to confirm that the pingback rule is the same as what I pasted in my earlier reply.

Everything looks to be in order now.
xmlrpc.php now outputs a 403 Forbidden.
I’ll just wait until tomorrow morning to ensure I can mark this resolved.
Thank you for all your help.

I checked the .htaccess and it did have the ‘old’ instruction in there. I deactivated/reactived the pingback element and the new instruction is in there now. Let’s see if that takes care of the login access URL problem.

That seems to have done the trick, no new lockouts since .htaccess was updated.
Thank you @wpsolutions for your help and a great product.