How to prevent attacks on the WordPress page wp-login.php

On my website, the highest GPU usage is actually on the WordPress login page, not the homepage. I basically came to the conclusion that it was being hit by brute-force attacks or something like that.

I installed a plugin that prevents password attacks from bots, but this does not prevent bots from actually visiting the page in the first place.

I want to change the location of the login page to something like wp-login-here.php, or maybe there is a better solution. The Stealth plugin seems like it would do the trick, but it is not compatible with the latest versions of WordPress. Any ideas?

EDIT: The real solution to this problem was to do a clean installation of WordPress, this time in the version supported by the Stealth plugin. After installing WP and the Stealth plugin in this earlier version of WP, I took the .htaccess file that the plugin created and copied it (after making a few changes) to the production site. I accepted the answer because Bad Behavior turned out to be a good plugin, and another tip was useful.

+5
10 answers

IP-. ProjectHoneyPot IP- -, ...

, .htaccess
,

, , , , :

+4

?

WP current .htaccess:

<FilesMatch "wp-login.php">
    AuthName "WordPress Admin"
    AuthType Basic
    AuthUserFile /path/to/.htpasswd
    require valid-user
</FilesMatch>
+7

.htaccess wp-admin IP, user/pass. WordPress, , , Apache.htaccess , wordpress.

+1

, IP-, .htaccess.passwd, IP-. , , , .

+1
+1

epaps EDIT wp-login.php?, .htaccess, ( ) -, , wp-login.php/wp-admin ( ).

"", , php, wp-config.php .htaccess . () ! /wp-admin/URI ( , wp-login.php), /.

v1.3 WordPress 2.3 2.7.1. - 15 2011 , stealth-login.1.3.zip. WordPress - https://wordpress.org/download/release-archive/. 5- , /wp-content/plugins, .

WordPress 4.7.4 WooCommerce 3.0.5. , , 12. WooCommerce/my-account/customer-logout ( 302 URI /wp-login.php, , . , wpnonce.

, , - WooCommerce. , - epaps , .

RewriteRule ^signout wp-login.php?action=logout&_wpnonce=a3d57642ab&stealth_out_key=ow4hzd5lxudcetbgbfreaox6c1 [L]
RewriteRule ^signin wp-login.php?stealth_in_key=05gvov4wuuruahpuchpohavitl&redirect_to=https://yourwebsite.com/wp-admin/ [R,L]
RewriteRule ^admin wp-admin/?stealth_admin_key=f4ji1q6tpwr55s5a0h65clg0qk [R,L]
RewriteCond %{HTTP_REFERER} !^https://yourwebsite.com/wp-admin 
RewriteCond %{HTTP_REFERER} !^https://yourwebsite.com/wp-login\.php 
RewriteCond %{HTTP_REFERER} !^https://yourwebsite.com/signin 
RewriteCond %{HTTP_REFERER} !^https://yourwebsite.com/admin 
RewriteCond %{QUERY_STRING} !^stealth_in_key=05gvov4wuuruahpuchpohavitl 
RewriteCond %{QUERY_STRING} !^stealth_out_key=ow4hzd5lxudcetbgbfreaox6c1 
RewriteCond %{QUERY_STRING} !^stealth_reg_key=rue2bekyask21pwtegavqbbp5n 
RewriteCond %{QUERY_STRING} !^stealth_admin_key=f4ji1q6tpwr55s5a0h65clg0qk 
RewriteCond %{QUERY_STRING} !^action=logout&redirect_to=https%3A%2F%2Fyourwebsite.com%2Fmy-account%2F&_wpnonce= 
RewriteRule ^wp-login\.php https://yourwebsite.com [L] 
RewriteCond %{QUERY_STRING} ^loggedout=true 
RewriteRule ^wp-login\.php https://yourwebsite.com [L] 
+1

, URL- , $_POST , URL- .

URL- WP, , 2013 .

http://wordpress.org/extend/plugins/stealth-login-page/

0

, .

functions.php , .

add_filter( 'xmlrpc_methods', 'remove_xmlrpc_pingback_ping' );
function remove_xmlrpc_pingback_ping( $methods ) {
    unset( $methods['pingback.ping'] );

    return $methods;
}

wplogin

0

, .

.

, admin admin. , "admin".

Admin "12345". html, "busted". , .

, , . . .

, .

-2
