wp-register.php still available

  • nilar

    (@nilar)


    10 years ago

    Hello,

    I think this plugin is awesome.
    Anyway I have this issue, I do not know if it is just me.
    Basically after more or less 24 hours from plugin installation, attacks to my site started again. So I looked for possible ways to guess the new name for the login page. I found that the address https://www.mysite.com/wp-register.php is still reachable and the new login folder name can be easily extracted from that.
    As this file (wp-register.php) does not actually exist in my installation directory, I assume that the redirect information is hard-coded somewhere in the DB.

    Any other?

    https://www.ads-software.com/plugins/rename-wp-login/

Viewing 1 replies (of 1 total)
  • uptowngeeks

    (@contactuptowngeekscom)

    Same problem here. Doesn’t work when a wp hacker knows to type wp-register.php to find the hidden login url.

Viewing 1 replies (of 1 total)
  • The topic ‘wp-register.php still available’ is closed to new replies.