[fChk]

I did post a reply yesterday where I was asking the OP's author to tell us what web server he was running. After a brief reflection, I removed it...

Reading the post bellow, I'm now sure I did the right thing.

A hacker can never attack my site's admin page because my site is highly secure by the data center. But a super professional hacker can do that (crack). But you say attack. Anyone who wants to attack the site will not only attack one subdomain but also the entire site server

Just for the record. A datacenter can only "protect" you from network-based attacks, not application-layer ones. Your website, on the other hand, is as safe as the code running it!.. A vulnerability here or there and you're open to ABUSE... That's all it takes!

Because you're running a well-known generic CMS, whose code is public domain, thus everybody knows where to search for stuff, then you better have as a good knowledge of it as the next guy who will be "knocking" on your website's door.

This is why my position on generic CMS, forums etc has always been a NO GO!... especially for people who don't realize the challenge they are facing, by just using it. Of course, no one is listening to my extremist view on this :-)

For the admin section of the Wordpress CMS, it's a well-know target for script kiddies. The IP-filtering is the classic shield, as suggested above.

Good luck anyway!

[humanpuff69]

I did post a reply yesterday where I was asking the OP's author to tell us what web server he was running. After a brief reflection, I removed it...

Reading the post bellow, I'm now sure I did the right thing.

Just for the record. A datacenter can only "protect" you from network-based attacks, not application-layer ones. Your website, on the other hand, is as safe as the code running it!.. A vulnerability here or there and you're open to ABUSE... That's all it takes!

Because you're running a well-known generic CMS, whose code is public domain, thus everybody knows where to search for stuff, then you better have as a good knowledge of it as the next guy who will be "knocking" on your website's door.

This is why my position on generic CMS, forums etc has always been a NO GO!... especially for people who don't realize the challenge they are facing, by just using it. Of course, no one is listening to my extremist view on this :-)

For the admin section of the Wordpress CMS, it's a well-know target for script kiddies. The IP-filtering is the classic shield, as suggested above.

Good luck anyway!

it is true . no system is safe and datacenter probably only have protection for DDOS attack . i rarely see datacenter have WAF that actually protect web application . for the security of wordpress or CMS it is up to you . start by installing security plugin to prevent most wordpress attack . and also use WAF or web application firewall if available to prevent attack of the web application . in this case wordpress

[xdude]

OP's site is getting brute forced and it's kinda happen to most of CMS sites. As for Wordpress the most common attacks happens to WP-Admin.php and xmlrpc.php. the later one has to deal with .htaccess. You need to put an deny rule for it direct access to xmlrpc.php and limited the access to few IP addresses such as Jetpack server.

As for wp-admin I use a plugin call WPS Hide Login. It changes the login url to whatever you like and returen a 404 for original one.

[deanhills]

Hello . My friends, I use Wordpress for my site. For more security, I want the link www.mydoamin.com/admin to be disabled, and whenever I need to login, I need to enable it ... Please help.
[font=MsYekan, Tahoma]I want to do this because I've had several unsuccessful logs of different IPs that have tried to infiltrate the site's management system many times. I use the php security system to edit a series of site information, and I close it whenever I don't need it, but this is also very important for / admin.[/font]

@hamed In addition to all of the contributions in this discussion, I think the easiest and best solution is the one provided by @xdude. @xdude is a seasoned WordPress PRO. I'm going to add this to my WordPress sites from now on.

As for wp-admin I use a plugin call WPS Hide Login. It changes the login url to whatever you like and returen a 404 for original one.

On this note I think we've covered most of everything of how to hide your WP login. I'm going to close this discussion. If you need to re-open it at any point in time please PM me.