Site Lockout although Admin is Redirected

  • Resolved tslbozeman

    (@tslbozeman)


    6 years, 4 months ago

    Hi there,

    Some time ago on two websites that I work on, I changed the login from “wp-admin”. However, in both cases, I occasionally receive notifications that there have been site lockouts. And in all cases the username attempted has been “admin.”

    My question is how these failed attempts can even happen, because when I go to wp-admin it says “not available?” So how are these users able to access any area to even begin to attempt to login? Or perhaps, I’m misunderstanding how this works.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor wpsolutions

    (@wpsolutions)

    Hi @tslbozeman,

    So how are these users able to access any area to even begin to attempt to login? Or perhaps, I’m misunderstanding how this works.

    It is very UNLIKELY that they have found your hidden login page.
    They are most probably using a script which is submitting xmlrpc commands aimed at your xmlrpc.php file.
    See this page for more info.

    Thread Starter tslbozeman

    (@tslbozeman)

    Thank you. That was very helpful to know.

    I’m unable to completely block XMLRPC because I use Jetpack, but that’s okay. Good to know, we’re still safe despite these attacks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Site Lockout although Admin is Redirected’ is closed to new replies.