1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

The radical and definitive way to prevent unauthorized login attempts to WP

Discussion in 'Blogging' started by Zak_A, Apr 11, 2013.

  1. Zak_A

    Zak_A Jr. VIP Jr. VIP Premium Member

    Mar 16, 2008
    Likes Received:
    WP designer & developer
    Western Europe
    Long story short: remove wp-login.php from you site's ftp root.

    No one will ever try to login again, simply because the login page (and associated functions) is not even hidden or blocked: it doesn't exist anymore!

    The downside is that you will have to put this file back when you want to login yourself, so only do this for micro niche niche or such sites where you won't need to login often.

    I just did it on an old micro niche of mine that just hangs there and that I don't touch anymore.
    Someone (a bot) has been trying to login on a regular basis for more than a year now.
    At first, I installed a plugin that was locking out ips upon failed login attempts, but today the bot came back with a load of proxies, and I received like 100 email notifications of failed login attempts in less than an hour.
    As I almost never need to login into this site's admin, deleting wp-login.php seemed to be the quickest and most effective solution to stop this annoying thing - even quicker and easier than installing any plugin.

    To secure other kind of sites where you will want to login yourself on a regular basis though, (and don't want to bother deleting and putting back a file everytime via ftp), there are many security plugin to help you such as WordPress Hide My WP which has been shared here recently and will - among other nice features - hide the login page and make it only accessible via a custom URL.
    • Thanks Thanks x 2
  2. LakeForest

    LakeForest Supreme Member

    Nov 11, 2009
    Likes Received:
    Location Location
    • Thanks Thanks x 1
  3. nicofan

    nicofan Junior Member

    Jul 25, 2010
    Likes Received:
    unemployed, unemployed, unemployed, unemployed, un
    I read somewhere you can just rename the wp-login.php. Can you rename it without consequences or are there other files connected to this? Say I rename wp-login.php to frog.php can I just do it without damaging my site? Wouldn't this be safe enough instead of deleting the file? thanks