1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wordpress - wp-login.php Attemps

Discussion in 'CPA' started by Piotr__11, Feb 5, 2013.

  1. Piotr__11

    Piotr__11 Junior Member

    Joined:
    Mar 13, 2012
    Messages:
    122
    Likes Received:
    69
    Hello.
    Some time ago I noticed that my wp site gots hundreds of wp-login visits > probably smb is trying to hack it.
    I decided to install some captcha plugins - firstly you need to solve some math captcha and then you need to solve normal captcha before you can login. It was around month ago but it didn't help .
    Every day in WassUp I see lots of wp-login 'visits' ...
    It is annoying, I have user 'admin' but he can't now brute force my password because of captchas .
    How can I "cut off" the traffic ? I cannot even see normal statistics - they are faked...
    He uses many ips .

    Thanks
     
  2. Amsterdammer

    Amsterdammer Power Member

    Joined:
    Aug 9, 2011
    Messages:
    515
    Likes Received:
    563
    • Thanks Thanks x 2
  3. IMpossible

    IMpossible Supreme Member

    Joined:
    Apr 15, 2012
    Messages:
    1,338
    Likes Received:
    302
    Occupation:
    Internet Marketing Guru
    Location:
    Somewhere on earth
    I will implement this! Do you have any other wordpress security tips? And do you know how to make the /wp-content folder private so that only I and not others can access it?
     
  4. Amsterdammer

    Amsterdammer Power Member

    Joined:
    Aug 9, 2011
    Messages:
    515
    Likes Received:
    563
    Another tip would be Wordfence, I should have included it in the original reply to OP.
    There probably is a link to how to use it on the forum but I had no problems figuring it out. It is also recommended by other members.

    Better WP Security has an option to change your WP content folder, not sure if this makes it private.

    The two plugins overlap in functions but don't seem to collide. Then again, I am just a nooby so perhaps I should have stressed it more. lol
    But, with this you can restore when hacked, notice you are hacked, identify hacking attempts and secure your WP.

    Hope this helps. :)
     
    • Thanks Thanks x 1
  5. JCena

    JCena Junior Member

    Joined:
    Jan 14, 2011
    Messages:
    188
    Likes Received:
    67
    • Thanks Thanks x 1
  6. carlikito

    carlikito Regular Member

    Joined:
    Dec 28, 2009
    Messages:
    350
    Likes Received:
    214
    Check your logs and block IP ranges. Lets say you have the 188.123.456.789 and another one like 182.321.654.65 IP's trying to break your login, so block the whole range like this 188.123.456.* and 182.321.654.* . Also the majority of attacks come from China and Eastern Europe, so you might wanna block the whole IP range from those countries.

    Also use a Login Limit plugin to block access to that host after a determined amount of login attempts.
     
  7. ChEcKeD

    ChEcKeD Senior Member

    Joined:
    Aug 27, 2012
    Messages:
    984
    Likes Received:
    467
    Occupation:
    ☺☺☺☺
    Location:
    ☺☺☺☺
    Just chnge the URL for the admin login page.
     
  8. IMpossible

    IMpossible Supreme Member

    Joined:
    Apr 15, 2012
    Messages:
    1,338
    Likes Received:
    302
    Occupation:
    Internet Marketing Guru
    Location:
    Somewhere on earth
    Can you easily change it without destroying your site?
     
  9. dbyrn

    dbyrn Power Member

    Joined:
    Feb 20, 2010
    Messages:
    746
    Likes Received:
    224
    Occupation:
    helping people
    you can also set an authbasic password in .htaccess (it depends on your hosting provider) and you will have another level of security before hitting login screen.
    I would start with whitelisting your ip and blocking all the others though.
    D.
     
    • Thanks Thanks x 1
  10. IMpossible

    IMpossible Supreme Member

    Joined:
    Apr 15, 2012
    Messages:
    1,338
    Likes Received:
    302
    Occupation:
    Internet Marketing Guru
    Location:
    Somewhere on earth
    Yeah that's good for a start.
     
  11. Amsterdammer

    Amsterdammer Power Member

    Joined:
    Aug 9, 2011
    Messages:
    515
    Likes Received:
    563
    Better WP Security has a tab to hide the backend. :)
    I would be careful though, after forgetting my new login slug I had no way in. Had to reinstall. lolz
     
  12. drkwrld

    drkwrld Regular Member

    Joined:
    Dec 27, 2010
    Messages:
    249
    Likes Received:
    95
    Home Page:
    Change ur admin folder name n ur username.