plugin failed after repeated attacks

  • Resolved jack96161

    (@jack96161)


    12 years, 2 months ago

    I have a site under heavy brute-force attack. I use WordFence, which blocked them repeatedly, but they continue, so I installed Rename WP-Login. It appeared to work, I was able to log in at the new address, and for a day, there were no reports of log-in attempts. Then I got one more notice from WordPress, indicating the attempt had been made to the new address. I attempted to log in as admin to investigate and could not – I had to delete the plugin and log in normally. Securi malware scan reports the site is clean, and WordFence reports no modified files.

    It would appear someone has found a way to detect and use this plugin… Not good. Have you heard of any conflicts using this plugin with WordFence? Why might it work only temporarily to relocate the login?

    https://ww.wp.xz.cn/plugins/rename-wp-login/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Ella Van Durpe

    (@ellatrix)

    12 years, 2 months ago

    I attempted to log in as admin to investigate and could not – I had to delete the plugin and log in normally.

    That’s very odd. It should work regardless of any attack on it. It doesn’t only work temporarily or something. I feel like there’s something else going on here…

    Have you heard of any conflicts using this plugin with WordFence?

    No, as long as it doesn’t change the the location or redirects to and from the login page, it should be fine. Any other plugins installed?

    It’s really difficult to know what’s causing the issue without knowing anything about your setup. But really, most of the cases it turns out another plugin is conflicting.

    Plugin Author Ella Van Durpe

    (@ellatrix)

    11 years, 9 months ago

    Sorry for such a late reply, but if you have xmlrpc enabled (which is enabled by default), then the attacker can still try to login through that. This plugin doesn’t disable it because it might “cripple” other applications. It’s up to you to disable it, just like it’s up to you to put links to your login page on your website.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘plugin failed after repeated attacks’ is closed to new replies.