Title: Bug in Log categorization? Last modified: September 8, 2017 --- # Bug in Log categorization? * Resolved [Tony G](https://wordpress.org/support/users/starbuck/) * (@starbuck) * [8 years, 9 months ago](https://wordpress.org/support/topic/bug-in-log-categorization/) * View Logs, then XML-RPC and Login Form. All of the login forms show the request: * `POST[80]:/xmlrpc.php` * There are no requests for the login form here. Am I reading this wrong? * Also, I moved my login form to a different end point, like /a-new-login.php. So any requests at all to login.php are bogus. But how do I ensure that my actual login page is getting checked by this plugin? * Thanks. Viewing 2 replies - 1 through 2 (of 2 total) * Plugin Author [tokkonopapa](https://wordpress.org/support/users/tokkonopapa/) * (@tokkonopapa) * [8 years, 9 months ago](https://wordpress.org/support/topic/bug-in-log-categorization/#post-9481147) * Hi Tony, * What you are reporting here is right, but this is due to this plugin’s circumstances. Let me explain. * You know XML-RPC is used for pingback in WordPress. This is done by requesting` pinback.ping` that is one of the methods of **R**emote **P**rocedure **C**all by **XML**. This call doesn’t need user name and password. * But there are other methods such as `wp.getAuthors` or `wp.getUsersBlogs` need user name and password. Those methods are used by WordPress mobile app. But it also means that `xmlrpc.php` can be abused for login attempts. * And when this kind of login attempts fails, this plugin handles as same as the requests to `wp-login.php`. This means that **renaming `wp-login.php` is not enough to prevent login attempts**. * I know it’s not right to categorize it as “Login from”, but I think users should know XML-RPC is abused by attackers. * There’s one more thing I should mention. The method `system.multicall` is abused as “[Brute Force Amplification Attacks](https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html)“. This issue was fixed in [WordPress 4.4 and later](https://core.trac.wordpress.org/ticket/34336). And this plugin categorize it as “XML-RPC”. * Although I know these behaviors are not uniform, it’s my intention. * By the way Tony, how about the topic “[Log filter?](https://wordpress.org/support/topic/log-filter/)“? I wonder my answer satisfied you or not. Please let me know. * Thanks. * Plugin Author [tokkonopapa](https://wordpress.org/support/users/tokkonopapa/) * (@tokkonopapa) * [8 years, 9 months ago](https://wordpress.org/support/topic/bug-in-log-categorization/#post-9481150) * P.S. This is the test vector for `system.multicall`: [https://github.com/tokkonopapa/WordPress-IP-Geo-Block/blob/master/test/bin/multicall.txt](https://github.com/tokkonopapa/WordPress-IP-Geo-Block/blob/master/test/bin/multicall.txt) * It includes 100 pairs of user name and password so that it could attempt to login 100 times at one request. Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Bug in Log categorization?’ is closed to new replies. * ![](https://ps.w.org/ip-geo-block/assets/icon-128x128.png?rev=1148568) * [IP Geo Block](https://wordpress.org/plugins/ip-geo-block/) * [Frequently Asked Questions](https://wordpress.org/plugins/ip-geo-block/#faq) * [Support Threads](https://wordpress.org/support/plugin/ip-geo-block/) * [Active Topics](https://wordpress.org/support/plugin/ip-geo-block/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ip-geo-block/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ip-geo-block/reviews/) * 2 replies * 2 participants * Last reply from: [tokkonopapa](https://wordpress.org/support/users/tokkonopapa/) * Last activity: [8 years, 9 months ago](https://wordpress.org/support/topic/bug-in-log-categorization/#post-9481150) * Status: resolved