User | Post |
5:32 am September 8, 2013
| Financial Independence
| | Australia | |
| Member | posts 7 | |
|
|
I have a WordPress plugin which automatically blocks IP addresses trying to log into my admin panel after a number of incorrect password attempts. I have noticed that I have started receiving regular notifications of this happening, so I locked my /wp-admin/ directory using 'Password Protect Directories' in cPanel.
This doesn't seem to have stopped the login attempts; they are somehow still getting to my login page. Has anyone seen this before and can they give me any tips?
|
|
6:05 am September 8, 2013
| Financial Independence
| | Australia | |
| Member | posts 7 | |
|
|
Actually, just to update, I figured out what my issue was. Hopefully this can help others as well, so I thought I'd share my solution.
It turns out that the hackers weren't trying to access my admin area using /wp-admin/ but by simply using /wp-login.php.
Using this tutorial I locked down my wp-login file and the bad requests stopped instantly.
|
|
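The gap described in the two posts above can be confirmed from the web server's access log. This is an added example, not code from the thread or from the tutorial it mentions: it tallies, for /wp-admin/ and /wp-login.php, how many requests the server challenged (401/403) versus served, and lists IPs whose login POSTs reached WordPress. The log lines are constructed, and the combined log format, the WordPress install at the web root, and the names `endpoint` and `summarize` are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in Apache combined log format (documentation IP ranges).
SAMPLE_LOG = '''\
198.51.100.23 - - [08/Sep/2013:05:10:01 +1000] "GET /wp-admin/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Sep/2013:05:11:40 +1000] "POST /wp-login.php HTTP/1.1" 200 2941 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Sep/2013:05:11:41 +1000] "POST /wp-login.php HTTP/1.1" 200 2941 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Sep/2013:05:11:43 +1000] "POST /wp-login.php HTTP/1.1" 200 2941 "-" "Mozilla/5.0"
192.0.2.50 - - [08/Sep/2013:05:20:02 +1000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.50 - - [08/Sep/2013:05:20:03 +1000] "GET /wp-admin/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Sep/2013:06:30:00 +1000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def endpoint(path):
    """Map a request path to the entry point it hits (assumes WordPress at the web root)."""
    path = path.split("?", 1)[0]          # ignore any query string
    if path == "/wp-login.php":
        return "wp-login.php"
    if path.startswith("/wp-admin/"):
        return "wp-admin"
    return None

def summarize(log_text, threshold=3):
    """Return (coverage per entry point, IPs with >= threshold login POSTs served)."""
    coverage = defaultdict(Counter)       # entry point -> challenged/served counts
    login_posts = Counter()               # ip -> POSTs that reached wp-login.php
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines in another format
        ip, method, path, status = m.groups()
        ep = endpoint(path)
        if ep is None:
            continue
        # 401/403 means the server's own access control answered, not WordPress.
        outcome = "challenged" if status in ("401", "403") else "served"
        coverage[ep][outcome] += 1
        if ep == "wp-login.php" and method == "POST" and outcome == "served":
            login_posts[ip] += 1
    suspects = sorted(ip for ip, n in login_posts.items() if n >= threshold)
    return {ep: dict(c) for ep, c in coverage.items()}, suspects

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A "served" count on wp-login.php while every /wp-admin/ request is "challenged" is the situation from the first post: the directory password covers only the directory, and the login script sits outside it.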
9:42 am September 8, 2013
| debtroundup
| | Raleigh | |
| Member | posts 190 |
|
|
|
I have a post going up on Modest Money this Wednesday about protecting your site. You shouldn't ever try to prevent access to wp-admin because there are many plugins that use it. You should always lock down wp-login.php. Nice work!
|
|
|
6:00 am September 9, 2013
| Financial Independence
| | Australia | |
| Member | posts 7 | |
|
|
I've had /wp-admin/ locked down for a few weeks and haven't noticed any ill effects. I'll definitely keep an eye out for your post though; it's a fine line between securing your site and going overboard and potentially affecting usability.
|
|
9:28 pm September 9, 2013
| Anton Ivanov
| | San Diego, CA | |
| Member | posts 129 |
|
|
|
I would highly recommend the Better WP Security plugin. Once you set it up, it's the most foolproof WP protection I've seen. For example, for log-ins into the admin panel, it actually renames and redirects the default WP log-in path to whatever you want to prevent simple brute force attacks. You can also set a limit on incorrect log-in attempts, block certain users from accessing your site altogether, etc., etc.
Hope it helps you out!
|
|
|
7:45 am September 11, 2013
| Eric – PersonalProfitability.com
| | Portland, OR | |
| Member
| posts 2120 |
|
|
|
I have Wordfence on my most important sites (big server resource hog, so not all sites) and WP Firewall. The combination is pretty solid at keeping the bad guys out. There are lots of hacks that don't require using wp-login.
|
|
|