Hi Daniel, Is your WordPress installation in a sub-folder, but the …

By 23rd June 2021 Uncategorised

Comment on Security: Hide The WordPress Login and Admin Pages (wp-login.php) by Paul G..

Hi Daniel,

Is your WordPress installation in a sub-folder, but the URL of the site is different? If this is the case, this is tested and working.

If the WordPress installation is in a sub-folder and the WordPress URL is also in a sub-folder, perhaps there is an issue there, but I’m not sure how that would work. I’ll have to do some testing with that to see…

Can you confirm which way your URL is configured etc.?
Thanks,
Paul.

Paul G. Also Commented

Security: Hide The WordPress Login and Admin Pages (wp-login.php)
Hey Rob,
Brilliant news… Glad it’s working so well for you!


Security: Hide The WordPress Login and Admin Pages (wp-login.php)
Hi Rob,

We have a very good Comment SPAM protection built into the Simple Firewall plugin itself… look under the Comments Filter section. I have no issues whatsoever with comment spam with these enabled.

Worth trying out.
Cheers!


Security: Hide The WordPress Login and Admin Pages (wp-login.php)
Hi,

I just checked this and I can’t see what you’re seeing. That email doesn’t send out the new login URL.

And, if it was, it would be sending it to a user that already new the URL… I’m not sure how this is “public”.

Thanks,
Paul.


Recent Comments by Paul G.

Part 5: Ultimate Comment SPAM Killer – Shield WordPress Security Plugin
Why does WordPress need to do that? I’ve no idea… that’s the way the author of this particular code decided to implement this. 🙂

My approach is to take each “spam” word/pattern and I use “stripos()” on each item of the comment that needs to be checked.

The truth is that efficiency isn’t hugely important in this area because it’s only run when a comment is posted. I could probably optimize my approach too, but again, it’s not critical.

Further reading: http://lzone.de/articles/php-string-search.htm


Part 4: Login Protection – Shield WordPress Security Plugin
There’s nothing you can do about that unfortunately if the bots are cracking away at your page. Most bots would get blocked by the automatic blacklist if they’re repeatedly hitting you with this.

As to XML-RPC, we have a couple of options ranging from by-passing the login/user sessions systems to completely disabling it:
https://www.icontrolwp.com/2015/10/automatically-block-brute-force-amplification-attacks-against-wordpress-xmlrpc/


Further WordPress Admin Access Lockdown
Eileen, Lynn,

The automatic updates system is WordPress-controlled and run on a WordPress cron. The Security admin access shouldn’t affect this. If you have enabled automatic updates, but restricted the system using the admin access and you find it’s not working as it should, please let me know in the support forums.

To your first question, if you enable this Security Admin system and lock-down any features, then you must, as an administrator or not, authenticate with the Security Admin system before you can make changes to the zones that have been restricted.

Let me know if it’s still unclear and I’ll elaborate further on areas you need.
Thanks!


Part 5: Ultimate Comment SPAM Killer – Shield WordPress Security Plugin
This is something that you’ll have to test with your particular installation(s) and configuration. Aggressive page caching will probably affect this functionality, but that is the double-edged sword that is “caching”.

I’d be interested to hear what you find with your tests.

Thanks!


Automatically Block XML-RPC Brute Force Amplification Attacks Against WordPress
Unfortunately this is a call that you must make… we can only provide the options and you must then apply and test accordingly. If you do find other applications/plugins that interfere, let me know and I’ll add it to the list.
Thanks.


x Logo: ShieldPRO
This Site Is Protected By
ShieldPRO