arrow_upward

Pages (2):
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
More wordpress security for login management page
#11
I did post a reply yesterday where I was asking the OP's author to tell us what web server he was running. After a brief reflection, I removed it...

Reading the post bellow, I'm now sure I did the right thing.
(05-17-2020, 02:04 PM)hamed Wrote: A hacker can never attack my site's admin page because my site is highly secure by the data center. But a super professional hacker can do that (crack). But you say attack. Anyone who wants to attack the site will not only attack one subdomain but also the entire site server

Just for the record. A datacenter can only "protect" you from network-based attacks, not application-layer ones. Your website, on the other hand, is as safe as the code running it!.. A vulnerability here or there and you're open to ABUSE... That's all it takes!

Because you're running a well-known generic CMS, whose code is public domain, thus everybody knows where to search for stuff, then you better have as a good knowledge of it as the next guy who will be "knocking" on your website's door.

This is why my position on generic CMS, forums etc has always been a NO GO!... especially for people who don't realize the challenge they are facing, by just using it. Of course, no one is listening to my extremist view on this :-)

For the admin section of the Wordpress CMS, it's a well-know target for script kiddies. The IP-filtering is the classic shield, as suggested above.

Good luck anyway!
VirMach's Buffalo_VPS-9 Holder (Dec. 20 - July 21)
microLXC's Container Holder (july 20 - ?)
VirMach's Phoenix_VPS-9 Holder (Apr. 20 - June 20)
NanoKVM's NAT-VPS Holder (jan. 20 - ?)
#12
(05-17-2020, 05:11 PM)fChk Wrote: I did post a reply yesterday where I was asking the OP's author to tell us what web server he was running. After a brief reflection, I removed it...

Reading the post bellow, I'm now sure I did the right thing.

Just for the record. A datacenter can only "protect" you from network-based attacks, not application-layer ones. Your website, on the other hand, is as safe as the code running it!.. A vulnerability here or there and you're open to ABUSE... That's all it takes!

Because you're running a well-known generic CMS, whose code is public domain, thus everybody knows where to search for stuff, then you better have as a good knowledge of it as the next guy who will be "knocking" on your website's door.

This is why my position on generic CMS, forums etc has always been a NO GO!... especially for people who don't realize the challenge they are facing, by just using it. Of course, no one is listening to my extremist view on this :-)

For the admin section of the Wordpress CMS, it's a well-know target for script kiddies. The IP-filtering is the classic shield, as suggested above.

Good luck anyway!

it is true . no system is safe and datacenter probably only have protection for DDOS attack . i rarely see datacenter have WAF that actually protect web application . for the security of wordpress or CMS it is up to you . start by installing security plugin to prevent most wordpress attack . and also use WAF or web application firewall if available to prevent attack of the web application . in this case wordpress
Terminal
humanpuff69@FPAX:~$ Thanks To Shadow Hosting And Post4VPS for VPS 5
#13
OP's site is getting brute forced and it's kinda happen to most of CMS sites. As for Wordpress the most common attacks happens to WP-Admin.php and xmlrpc.php. the later one has to deal with .htaccess. You need to put an deny rule for it direct access to xmlrpc.php and limited the access to few IP addresses such as Jetpack server.

As for wp-admin I use a plugin call WPS Hide Login. It changes the login url to whatever you like and returen a 404 for original one.


~ Be yourself everybody else is taken ~




#14
(05-16-2020, 01:58 PM)hamed Wrote: Hello . My friends, I use Wordpress for my site. For more security, I want the link www.mydoamin.com/admin to be disabled, and whenever I need to login, I need to enable it ... Please help.
[font=MsYekan, Tahoma]I want to do this because I've had several unsuccessful logs of different IPs that have tried to infiltrate the site's management system many times. I use the php security system to edit a series of site information, and I close it whenever I don't need it, but this is also very important for / admin.[/font]

@hamed In addition to all of the contributions in this discussion, I think the easiest and best solution is the one provided by @xdude. @xdude is a seasoned WordPress PRO. I'm going to add this to my WordPress sites from now on.

(05-26-2020, 01:46 AM)xdude Wrote: As for wp-admin I use a plugin call WPS Hide Login. It changes the login url to whatever you like and returen a 404 for original one.

On this note I think we've covered most of everything of how to hide your WP login. I'm going to close this discussion. If you need to re-open it at any point in time please PM me.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
Pages (2):
lockThread Closed 


Possibly Related Threads…
Thread
Author
Replies
Views
Last Post
3,518
03-13-2019, 02:08 PM
Last Post: rudra

person_pin_circle Users browsing this thread: 1 Guest(s)
Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis - Limitless Hosting