  1. #1

    Question on WP Botnet

    So I have been dealing with this botnet issue for a while, and I used a script put on my VPS at Hostgator that asked for an extra login before getting to the wp-login.php page. I ran it for a week, took it down, got hit and server went down again. This happened quite a bit until I finally just left the script on. However, for my clients who run membership sites or affiliate programs, this script is getting in the way. I looked at the Brute Force plugin, which is almost like an Akismet pool of IPs it's building, but that doesn't stop the attempts and everyone says lockout plugins don't work.

    So I have 2 questions:
    1) Would using a plugin like Better WP Security or code like RewriteRule ^login$ http://YOUR_SITE.com/wp-login.php [NC,L] to change the login url work?
    2) Or should I try this new plugin http://wordpress.org/plugins/botnet-attack-blocker/ that just locks down more effectively?

    I ask because I don't understand if the botnet only searches for the wp-login.php url or if it would be blocked by simply changing the url. Any advice would be much appreciated!!!!

  2. #2
    2ndmouse
    Hi satori

    My host uses the same extra layer of security - it's a pain. However I found a way round it by using a plugin called 'Theme My Login'. It uses a url other than wordpress/wp-login.php, e.g. http://yoursite.com/login, and places the login page inside your theme. Seems to be working for me.

    I also use WangGuard, which allows me to add a randomised security question to the registration page, among other useful stuff, and Wordfence Security which has a whole host of features.

    According to my host, the brute force attacks are focused specifically on wp-login.php

    Hope that helps

    Reg
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.

  3. #3
    I've heard of that before. Does it actually change the page location, not just redirect? What happens if you enter wp-login.php directly, does it throw a 404 or something?

  4. #4
    2ndmouse
    wp-login.php is still there and can still be accessed. However, the bona fide user is never directed to that page, only to the 'in-theme' login page. If someone goes directly to wp-login.php then they will have to go through the extra security layer.

    In that respect it's not 100%, but at least your site never directs the user to wp-login.php.

    Right now, I'm working from an IP address that has never been used to log in. When I try to go directly to wp-login.php, I see the extra security layer. Then if I use the login link on my web page, it goes straight to the login dialog.

    Regards
    Detect file changes remotely. SimpleSiteAudit is an early
    warning anti-hacker system which sends an alert on detection.

    PHP Find Orphan Files - Finds all the unreferenced files on your site.
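
An added example, not part of the thread and not any plugin's code: one way to check from your own access log what the posts above discuss, namely whether login POSTs arrive only at wp-login.php or also at a renamed login URL, and whether a per-IP lockout would catch the senders. The log lines are constructed, and the /login path, the limit of 5 and the function name are assumptions.

```python
import re
from collections import Counter, defaultdict

def _line(ip, method, path):
    # Build one constructed line in Apache combined log format (not real traffic).
    return (f'{ip} - - [12/Aug/2013:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 "-" "-"')

# Constructed sample: 8 addresses, 2 login POSTs each, plus one member
# logging in through a renamed /login page, one GET and one broken line.
SAMPLE_LOG = "\n".join(
    [_line(f"203.0.113.{i}", "POST", "/wp-login.php")
     for i in range(1, 9) for _ in range(2)]
    + [_line("198.51.100.7", "POST", "/login"),
       _line("198.51.100.7", "GET", "/wp-login.php"),
       "garbage line"]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def login_post_summary(log_text, paths=("/wp-login.php", "/login"), per_ip_limit=5):
    """Count login POSTs per path, and list IPs a per-IP lockout would trip on."""
    per_path = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, url, _status = m.groups()
        path = url.split("?", 1)[0].rstrip("/") or "/"
        if method == "POST" and path in paths:
            per_path[path][ip] += 1
    summary = {}
    for path in paths:
        hits = per_path[path]
        summary[path] = {
            "posts": sum(hits.values()),
            "distinct_ips": len(hits),
            "ips_over_limit": sorted(ip for ip, n in hits.items() if n > per_ip_limit),
        }
    return summary

if __name__ == "__main__":
    for path, stats in login_post_summary(SAMPLE_LOG).items():
        print(path, stats)
```

In the constructed sample every address stays under the per-IP limit while wp-login.php still receives 16 POSTs, which is the pattern to look for in a real log before deciding between a lockout plugin and a different login URL.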

