• Resolved mrsreeder

    (@mrsreeder)


    Hello,

    Like someone else posted here (without a proper answer), I have all login pages hidden, and if the default login pages are accessed they properly give 404 errors.

    How is Wordfence still logging login and forgotten password attempts? I am getting notifications of blocked IPs from logging in and I am not using the default url from the plugin.

    https://www.ads-software.com/plugins/wps-hide-login/

Viewing 15 replies - 1 through 15 (of 31 total)
  • Hello,

    Do you have a login URL anywhere in your code? In a form action, for example?

    Thread Starter mrsreeder

    (@mrsreeder)

    No, I do not. Any forms used on any site I develop use Contact Form 7.

    I’m still waiting for help on this as well. I posted in the forums about this a few days ago… any love?

    I am still getting notifications of attempted brute force attacks.

    Please help~

    ~ Angela

    Please provide me a link to your website so I can have a look

    Thread Starter mrsreeder

    (@mrsreeder)

    Can you provide an email address to send you the link?

    Same problem for a few days!

    And I’ve found a link on my website to the “hidden” login page in the comment block.
    If I’m not connected, the “You should be connected to leave a comment” message (or something similar, my website is in French) contains a link to the hidden login page.

    I’ve deactivated all the comments and changed the login page again, but I am still getting notifications of attempted brute force attacks!
    Don’t know where they get the link.
    My website: https://www.prosdubatiment.com

    I’m having this problem too. It was fine when I started using this plugin (which I really like) but in the past couple of weeks Wordfence has been notifying me of loads of login attempts across several websites. I’ve checked what’s reported here and can’t find any login links on the websites. Any ideas appreciated!

    I was experiencing this too, and it turned out that the attacks were exploiting xmlrpc.php instead of targeting the actual login page. I solved it by adding this to htaccess:

    <Files "xmlrpc.php">
    Order Allow,Deny
    deny from all
    </Files>

    Not a perfect solution if you have to use xmlrpc.php for some reason, but it has seemed to work and it wasn’t related to this plugin.
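An added example, not part of the original thread and not code from Wordfence or WPS Hide Login: a check over web server access logs that shows which credential-accepting endpoint the login attempts actually reach, and whether the server served or rejected them. The combined log format, the constructed sample lines and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Paths that accept WordPress credentials. Hiding the login page only affects
# the first one; xmlrpc.php keeps its fixed path.
AUTH_ENDPOINTS = ("/wp-login.php", "/xmlrpc.php")
REJECTED = {"403", "404"}  # hidden login page (404) or .htaccess deny (403)


def count_auth_posts(lines):
    """Per endpoint, count POSTs per client IP, split into served/rejected."""
    stats = {ep: {"served": Counter(), "rejected": Counter()}
             for ep in AUTH_ENDPOINTS}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]
        for ep in AUTH_ENDPOINTS:
            if path.endswith(ep):
                kind = "rejected" if m["status"] in REJECTED else "served"
                stats[ep][kind][m["ip"]] += 1
    return stats


def noisy_clients(stats, endpoint, threshold=3):
    """IPs with at least `threshold` served POSTs (threshold is an assumption)."""
    served = stats[endpoint]["served"]
    return sorted(ip for ip, n in served.items() if n >= threshold)


# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2016:06:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 402 "-" "-"',
    '203.0.113.7 - - [01/Jan/2016:06:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 402 "-" "-"',
    '203.0.113.7 - - [01/Jan/2016:06:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 402 "-" "-"',
    '198.51.100.9 - - [01/Jan/2016:06:00:04 +0000] "POST /wp-login.php HTTP/1.1" 404 1200 "-" "-"',
    '198.51.100.9 - - [01/Jan/2016:06:00:05 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"',
    '192.0.2.15 - - [01/Jan/2016:06:00:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 402 "-" "-"',
]

if __name__ == "__main__":
    stats = count_auth_posts(SAMPLE_LOG)
    for ep in AUTH_ENDPOINTS:
        print(ep, {k: dict(v) for k, v in stats[ep].items()})
    print("noisy xmlrpc.php clients:", noisy_clients(stats, "/xmlrpc.php"))
```

Once the `.htaccess` rule above is in place, the same POSTs to xmlrpc.php should move from the served counter to the rejected one with status 403.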

    Siteturner, you’re spot on. I’ve just found this as the cause this morning too. Good job – hopefully this thread will help others.

    Yes Siteturner, thank you very much!

    Following your hint, I’ve tried 2 extensions:
    https://www.ads-software.com/plugins/disable-xml-rpc/ which totally disables XML-RPC, exactly like your solution. It is working: no more login attempts!

    https://www.ads-software.com/plugins/disable-xml-rpc-pingback/ which is supposed to disable only XML-RPC functions used by hackers. It’s not working! I still get login attempts.

    Good catch, I’m gonna sticky this topic so others can see it when searching for an answer about this.

    Siteturner, thank you for the tip! I’ve added the code you suggested to all my sites’ htaccess files. Hoping that is the end of this annoyance!

    XML-RPC on WordPress is actually an API. If you disable the XML-RPC service on WordPress, you lose the ability for any application to use this API to talk to WordPress. It is used heavily by phone Apps that interface with WordPress sites. You need a solution that both blocks the brute force attacks and does NOT require disabling XML-RPC.

    Sid

    We have the same issue. The suggested solution won’t help since we use xml-rpc actively.

  • The topic ‘Still have login attempts’ is closed to new replies.