Wp-login.php page has appeared on a website

I do not know where is best to post this but it is a php file so I will start here.

Looking through some website stats I notice over 500 visits to wp-login.php but the website does not use Wordpress and looking at the site via FTP there is not a file called wp-login.php So the link should have generated a 404 error.

Has anyone else seen this? So far the hosts have brushed it of with “we would not put it there” so I am giving them a bit of a prod to look into it.

I have not entered the capture as I do not know what will happen!

This is what the page looks like:

Still no reply from the hosts but I had a thought. This sites cpanel has a lot of “oneclick script setups” and I wonder if the page is installed when that is setup? I checked out about 6 other sites with the same IP and they all have the same page.

It sounds like hackers or bots sniffing around your site to see if it’s running wordpress. This is very common, I see it in my stats all the time.

As you’re not running wordpress there’s nothing you to stop it, it’s really more of a nuisance than something to worry about.

I understand the hacker part but the page in the screen shot can be visited by the URL but does not show up on the website via ftp.

You could always MAKE a page called wp-login.php and redirect to google.com or somewhere. The BOT might take your site off the list.

Sounds like a perfect opportunity to make a honeypot to me.

1 Like

That is what I thought.

I have had a reply from the hosts and it is a default screen and it is on the server directly and not our webspace and that is why I could not find it.

Good idea; it would save all those 404 errors on my stats page as well! At the moment I have something setup in mod_security.

To be fair this isn’t unique to Wordpress, or even PHP powered CMS systems. Any system with a large enough install base has at least a couple attack scripts out there for it.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.