Hello,
Thanks for using WPS Hide Login.
Are you sure your customised login slug is used to log in ?
Hello, yes, I’m sure. If you want – please contact me in private and I will send you screenshots, blog URLs and all that you need for debugging. But something definitely works wrong.
Hello,
I can’t recreate the issue.
Is the problem still here when every other plugins are activated ?
Is xmlrpc deactivated ?
What is your host company ?
to get the numbers of failed login attempts, I have activated the “Limit Login Attempts Reloaded” plugin, so it works together with your “WPS Hide Login” plugin. The host company is GoDaddy.
Is the problem still here when every other plugins are deactivated (except WPS Hide Login and Limit Login Attempts Reloaded ?
Is xmlrpc deactivated ?
We’ve also a plugin to limit login attempts more compatible with WPS Hide Login: WPS Limit Login Attempts
I can not deactivate all my other plugins and leave my blog for a couple of days just for debugging of your plugin: the design and work of the blog will be destructed/changed.
I’m not sure what you mean under “xmlrpc”… is it a plugin? If so, I do not have installed the plugin “xmlrpc”.
No, it’s not a plugin, it’s a file which can be used to enter your WordPress.
The attempts your plugin report may come from this fault. That’s why I’m asking if login attempts are lauched from your customised slug or elsewhere.
How I can check it? where is “xmlrpc” file located? Have I delete this file?
Ok, I figured it out. The “xmlrpc.php” wasn’t disabled. So I made it manually in .htaccess:
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
I would recommend adding this feature to your plugin.
Also, I have installed your plugin “WPS Limit Login Attempts” and deleted “Limit Login Attempts Reloaded”.
(Actually, I have another plugin installed on the blog: “Sucuri WP Plugin” and it shows in its log a lot of failed attempts as well.)
I will let you know if it helps.
The newly created ‘secret’wp-admin URL is literately displayed below each post (default theme 2016). Below each WP post there’s a link:
Leave a Reply
You must be logged in to post a comment.
When you click on the link, or even hover over it, your new secret wp-admin is displayed to everyone in the world. Even when you disable comments, the link is still there.
Hello,
Then, the problem isn’t from WPS Hide Login but from your WordPress settings.
You must uncheck the case “Everyone can sign up” in the “General Settings” section. Then, check if the case “An account must be registered and logged in to post comments” is unchecked in the “Comments Settings” section.
Thanks for your answer. Your plugin has already decreased failed login attempts significantly, but not fully.
If I follow your suggestion, the reply fields come back on every post and this would attract many spammers, I’m afraid.
There is a way to completely remove the link, but I haven’t yet figured out how to do this. Here are the instructions:
https://ww.wp.xz.cn/support/topic/how-do-i-remove-the-login-link-from-you-must-log-in-to-post-a-comment/
It would be great if this could be an option in your plugin, but I don’t know if this is possible. It would decrease the number of failed login attempts even further, I assume.
Hello,
It’s a team work between you and the plugin 🙂
The plugin removes wp-login.php and wp-admin slugs by another one. On your side, you’ve to remove every links to the secret slug on your WP. If everyone can see the secret link, it’s not a secret anymore 🙂
Ok, I figured it out. I have “xmlrpc.php” disabled and physically deleted it from the root. Issue fixed, for two weeks there were no new login attempts. The problem was not in your plugin. Thank you for your help.
