Hi there!
What you are experiencing is perfectly normal. Obfuscating your login URL is not a guarantee that it will never be found or revealed.
Over time, bots, crawlers and bad actors will find it and attempt to log into your website. It happens to us as well from time to time.
Considering that Wordfence blocked the intruder, smile. You’re in good hands. Wordfence did its job 🙂
Hope this helps a bit.
Cheerio!
Hi @luke630,
I agree with the above comment that Wordfence does all of the important blocking for you automatically so you don’t have to based on its extensive database of vulnerabilities, IPs and signatures to detect exploitable plugins, known current “bad” IPs, and malicious files. Having very strong passwords, enabling 2 factor authentication, and reCAPTCHA should provide you with the level of protection you need to prevent any visitors to this page achieving anything once they get there.
Just for a little more background, we’re generally of the opinion that security through obscurity isn’t necessary and can sometimes pose problems for services like Wordfence Central connecting in when it attempts to hit the login page of your site when you first connect it. Other plugins may be affected too: https://www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/
Thanks,
Peter.
