fipsofant
Forum Replies Created
-
Hey Guys,
Yes there are few orders after that setting has been set.
Maybe you can have a look directly in the website?
Yes it is enabled.
But I found out that www-data was not able to write to .htaccess, so it written inside the file.
After changed owner, the AIO settings was added to the .htaccess.So I am going to check if the login attempts still exists.
But to recollect:
Why bots trying to access/targeting xmlrpc file?
Is there a hack possible with it?my .htaccess looks like:
RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] # add a trailing slash to /wp-admin RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L] RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L] RewriteRule . index.php [L] <Files "wp-login.php"> Order allow,deny deny from all allow from 123.123.123.123 </Files>I can’t see something related to the xmlrpc file.
- This reply was modified 8 years, 11 months ago by fipsofant.
just received that email:
A lockdown event has occurred due to too many failed login attempts or invalid username: Username: amazing IP Address: 198.71.231.5 IP Range: 198.71.231.* Log into your site's WordPress administration panel to see the duration of the lockout or to unlock the user.“XML-RPC server accepts POST requests only.”
well “Completely Block Access To XMLRPC” is enabled.
Yes I renamed the login page.
yes, “enable login lockdown” and “notify by email” is both enabled.
my .htaccess setting:
<Files "wp-login.php"> Order allow,deny deny from all allow from 123.123.123.123 </Files>Forum: Fixing WordPress
In reply to: Unable to send "New user register" emails – Test emails workI ran 4.3, after upgrade to 4.3.1 everything worked like a charm.