WPS Hide Login security issues? | ww.wp.xz.cn

Resolved pch101
(@pch101)

6 years, 8 months ago
Hello all –

I use this plugin on a few different websites. Only a couple of users have been provided with the login pages that are being used in place of wp-login.php.

In recent days, malicious bots have been able to locate the login pages. These websites have different login page names, use different themes and are installed on different servers, but these bots have been able to find them. When I change the pages, the malicious bots are able to locate the new ones.

A solution would be appreciated. I may have to stop using this plugin if this keeps up. Thanks.
- This topic was modified 6 years, 8 months ago by pch101.

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author NicolasKulka
(@nicolaskulka)

6 years, 8 months ago

Hello,
are you up to date?

Is it possible to register on the site?

Do you disable XMLRPC?
Thread Starter pch101
(@pch101)

6 years, 8 months ago
Thanks for following up.

– xmlrpc is both disabled and blocked by my CDN (Cloudflare)
– No registrations are permitted.
– The plugin and WordPress are up to date.

This started just a few days ago. Everything was running smoothly until then.

The malicious bot is identified as having a Java user agent that makes HEAD requests.

There was a recent WordPress update. As I think about it, the problems may have begun after the WP update. Perhaps the most recent update has something to do with this.

Thanks again.
- This reply was modified 6 years, 8 months ago by pch101.
- This reply was modified 6 years, 8 months ago by pch101.
- This reply was modified 6 years, 8 months ago by pch101.
Plugin Author NicolasKulka
(@nicolaskulka)

6 years, 8 months ago

Possible, if you find where it comes from, I’m interested.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘WPS Hide Login security issues?’ is closed to new replies.

3 replies
2 participants
Last reply from: NicolasKulka
Last activity: 6 years, 8 months ago
Status: resolved