Problems activating your account? Send notification email to: admin@post4vps.com
Host4Fun Budget VPS Hosting

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
More wordpress security for login management page
#11
I did post a reply yesterday where I was asking the OP's author to tell us what web server he was running. After a brief reflection, I removed it...

Reading the post bellow, I'm now sure I did the right thing.
(05-17-2020, 02:04 PM)hamed Wrote:  A hacker can never attack my site's admin page because my site is highly secure by the data center. But a super professional hacker can do that (crack). But you say attack. Anyone who wants to attack the site will not only attack one subdomain but also the entire site server

Just for the record. A datacenter can only "protect" you from network-based attacks, not application-layer ones. Your website, on the other hand, is as safe as the code running it!.. A vulnerability here or there and you're open to ABUSE... That's all it takes!

Because you're running a well-known generic CMS, whose code is public domain, thus everybody knows where to search for stuff, then you better have as a good knowledge of it as the next guy who will be "knocking" on your website's door.

This is why my position on generic CMS, forums etc has always been a NO GO!... especially for people who don't realize the challenge they are facing, by just using it. Of course, no one is listening to my extremist view on this :-)

For the admin section of the Wordpress CMS, it's a well-know target for script kiddies. The IP-filtering is the classic shield, as suggested above.

Good luck anyway!
#12
(05-17-2020, 05:11 PM)fChk Wrote:  I did post a reply yesterday where I was asking the OP's author to tell us what web server he was running. After a brief reflection, I removed it...

Reading the post bellow, I'm now sure I did the right thing.

Just for the record. A datacenter can only "protect" you from network-based attacks, not application-layer ones. Your website, on the other hand, is as safe as the code running it!.. A vulnerability here or there and you're open to ABUSE... That's all it takes!

Because you're running a well-known generic CMS, whose code is public domain, thus everybody knows where to search for stuff, then you better have as a good knowledge of it as the next guy who will be "knocking" on your website's door.

This is why my position on generic CMS, forums etc has always been a NO GO!... especially for people who don't realize the challenge they are facing, by just using it. Of course, no one is listening to my extremist view on this :-)

For the admin section of the Wordpress CMS, it's a well-know target for script kiddies. The IP-filtering is the classic shield, as suggested above.

Good luck anyway!

it is true . no system is safe and datacenter probably only have protection for DDOS attack . i rarely see datacenter have WAF that actually protect web application . for the security of wordpress or CMS it is up to you . start by installing security plugin to prevent most wordpress attack . and also use WAF or web application firewall if available to prevent attack of the web application . in this case wordpress
Terminal
humanpuff69@FPAX:~$ Thanks To Shadow Hosting And Post4VPS for VPS 5
#13
OP's site is getting brute forced and it's kinda happen to most of CMS sites. As for Wordpress the most common attacks happens to WP-Admin.php and xmlrpc.php. the later one has to deal with .htaccess. You need to put an deny rule for it direct access to xmlrpc.php and limited the access to few IP addresses such as Jetpack server.

As for wp-admin I use a plugin call WPS Hide Login. It changes the login url to whatever you like and returen a 404 for original one.
Affordable Game Severs from ShadowHosting starts from 2.50$ per Month

~ Be yourself everybody else is taken ~




#14
(05-16-2020, 01:58 PM)hamed Wrote:  Hello . My friends, I use Wordpress for my site. For more security, I want the link http://www.mydoamin.com/admin to be disabled, and whenever I need to login, I need to enable it ... Please help.
I want to do this because I've had several unsuccessful logs of different IPs that have tried to infiltrate the site's management system many times. I use the php security system to edit a series of site information, and I close it whenever I don't need it, but this is also very important for / admin.

@hamed In addition to all of the contributions in this discussion, I think the easiest and best solution is the one provided by @xdude. @xdude is a seasoned WordPress PRO. I'm going to add this to my WordPress sites from now on.

(05-26-2020, 01:46 AM)xdude Wrote:  As for wp-admin I use a plugin call WPS Hide Login. It changes the login url to whatever you like and returen a 404 for original one.

On this note I think we've covered most of everything of how to hide your WP login. I'm going to close this discussion. If you need to re-open it at any point in time please PM me.
Terminal
Thank you to Post4VPS and VirMach for my awesome VPS 9!  
 


Possibly Related Threads...
Thread Author Replies Views Last Post
  Wordpress Editor (yoastSEO editor) hamed 7 395 10-26-2019, 10:16 PM
Last Post: deanhills
  Script Server [ Login / Register ] PemburuHantu 2 516 08-06-2019, 01:07 PM
Last Post: PemburuHantu
  Wordpress, Host or SSL Rehan 8 1,302 03-13-2019, 02:08 PM
Last Post: rudra
  Big WordPress change coming - 5.0 Gutenberg deanhills 6 2,901 08-23-2018, 08:27 PM
Last Post: Kururin

Forum Jump:


Users browsing this thread: 1 Guest(s)

Sponsors: VirMach - Host4Fun - CubeData - Evolution-Host - HostDare - Hyper Expert - Shadow Hosting - Bladenode - Hostlease - RackNerd - ReadyDedis


About Post4VPS

Post4VPS is a forum/destiny where you can Delploy Your Free VPSs just by the Power of Posts.

We Provide VPSs of many locations like Germany,US,Canada,France,London,etc.

We also Provide VPSs of Both Linux and Windows OS.