Where does it measure?

  • Resolved sme9

    (@sme9)


    9 months, 3 weeks ago

    Hello, about a month ago I changed the WordPress login URL of my website. Ever since it dropped to 0 login attempts. Even tough people have tried and failed to log on to my website. I was wondering if the plug-in might only measure the failed attempts on the standard login URL, and when it’s changed, it will say not measure the new URL. Can anyone clarify this for me?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author WPChef

    (@wpchefgadget)

    Please let us know which plugin you used for that. If it uses regular WP authorization hooks, LLAR should work with it just fine.

    Thread Starter sme9

    (@sme9)

    I used a plug-in called Admin and Site Enhancements (ASE)

    wpmuts

    (@wpmuts)

    What are the “regular WP authorization hooks”?

    I have deleted login.php in the root but still i get multiple warnings (emails). So my question is the same as sme9: Where does it measure?

    (To make it clear, I restore the file login.php when I want to login, after I write a new post, I again delete the file login.php, plus I have .htaccess in the folder wp-admin which deny all ip-addresses except for the ip-address I have at that moment when I want to login and then I even remove that ip-address from the .htaccess).

    wpmuts

    (@wpmuts)

    I found the pitfall, it is this file: xmlrpc.php

    Read here how to disable it: What Is xmlrpc.php in WordPress and Why You Should Disable It (hostinger.com)

    add this to .htaccess:

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>

    Plugin Author WPChef

    (@wpchefgadget)

    Yes, there are several login gateways in WP, not just wp-login.php. You’re correct, the xmlrpc one gets attacked too. Other plugins might create their own login pages, like Woocommerce.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Where does it measure?’ is closed to new replies.