Alexey

Welcome! ??

If not a secret, what is the solution you found?

Plugin setting area has really changed, slug setup is now in “Advanced” area — see on the top right of the screen.

dwinden, really thanks! I’ve not thought about logs before your message and now think this is really good idea. I’m not well familiar with logging mechanism so it will take time to set it up and I’m not sure what exactly to look for in logs.

So I will need extra time to find all this out. At the same time today I have no more messages about brut force and just decided to do all this later, for example as soon as I receive next message.

But now I know where to look for, so thanks once again!

Thanks, dwinden, seems that I found the reason, wrote above. I forgot about Meta widget and then plugin left old slug in .htaccess.

I’d like to believe the plugin protects wp-login.php from all kind of requests.

I didn’t examine logs, think I should turn it on first. Thanks, if the problem will not be solved, I will follow your advice!

I meant you can download zip of old plugin version and try to install it manually to your existing WP (there should be an instruction).

etnmathy, and one more thing. I think you should better not delete everything from DB, but put the values you need.

I made files backup and searched for slug in files. Nothng found.

Another idea is to find old version of plugin and try to install it.

So you can try make backup of whole site and install it to some other hosting (hostinger.cz may have free plan). Use hosts file on your local to address it (not to change DNS). And you will know for sure, if problem is in files/database or on server side of your today hosting.

OMG, stroung tags shouldn’t be there! =)))

Seems that first occasion is setting for old version of plugin and second is new. Much garbage!

I looked through database and found:

(156, 'itsec_hide_backend', 'a:7:{s:7:"enabled";b:1;s:4:"slug";s:9:"<strong>myoldslug</strong>";s:12:"theme_compat";b:1;s:17:"theme_compat_slug";s:9:"not_found";s:16:"post_logout_slug";s:0:"";s:12:"show-tooltip";b:0;s:8:"register";s:15:"wp-register.php";}', 'yes'),

(3310, 'itsec-storage', 'a:13:{s:6:"global";a:27: ... s:12:"hide-backend";a:6:{s:7:"enabled";b:1;s:4:"slug";s:13:"<strong>mynewslug</strong>";s:12:"theme_compat"; ...

Second block contains a lot of text, I replaced the most with “…” here.

(You can read about my troubles with old and new here: https://www.ads-software.com/support/topic/hidden-login-page-is-comprimised?replies=2 )

So you can also try to make backup and see what is there.

Reply to myself!

Found out that plugin left old slug in .htaccess:

RewriteRule ^(/)?<strong>oldslug</strong>/?$ /wp-login.php [QSA,L]
RewriteRule ^(/)?wp-register-php/?$ /wplogin?action=register [QSA,L]

So both old and new worked! Probably robots still remember the old one.

After few cycles of turn “hide backend” on, save, refresh, turn off, save, refresh, etc I found out that these two lines appear in .htaccess only when “hide backend” feature is switched OFF!!!

What’s the sence? How it works when turned on, and why these lines needed when turned off?

Seems to be ok. Try to duplicate “RewriteEngine On” like this:

RewriteEngine On
RewriteRule ^(/)?epicator/?$ /wp-login.php [QSA,L]
RewriteRule ^(/)?wp-register-php/?$ /wplogin?action=register [QSA,L]

Hello!

Very strange! Your site now is full of content, you returnd it from backup after you made clear installation? Maybe some cache on server side? But too long…

Try adding to .htaccess:

RewriteRule ^(/)?yourslug/?$ /wp-login.php [QSA,L]
RewriteRule ^(/)?wp-register-php/?$ /wplogin?action=register [QSA,L]

This was added by plugin to mine. Replace “yourslug” to your slug.

Hello!

These messages mean that protection works ok and attackers are blocked. You can switch off email notifications in plugin settings (see “Security” in the backend menu on the left).

Hello! Check .htaccess and wp-config.php I suppose redirection may be there.

Hello, Jesse!

Oh great! Very good news! Thanks, then I will patiently wait! =)