More wordpress security for login management page - Printable Version +- Post4VPS Forum | Free VPS Provider (https://post4vps.com) +-- Forum: Geek World (https://post4vps.com/Forum-Geek-World) +--- Forum: Scripting & Programming (https://post4vps.com/Forum-Scripting-Programming) +--- Thread: More wordpress security for login management page (/Thread-More-wordpress-security-for-login-management-page) Pages:
1
2
|
RE: More wordpress security for login management page - fChk - 05-17-2020 I did post a reply yesterday where I was asking the OP's author to tell us what web server he was running. After a brief reflection, I removed it... Reading the post bellow, I'm now sure I did the right thing. (05-17-2020, 02:04 PM)hamed Wrote: A hacker can never attack my site's admin page because my site is highly secure by the data center. But a super professional hacker can do that (crack). But you say attack. Anyone who wants to attack the site will not only attack one subdomain but also the entire site server Just for the record. A datacenter can only "protect" you from network-based attacks, not application-layer ones. Your website, on the other hand, is as safe as the code running it!.. A vulnerability here or there and you're open to ABUSE... That's all it takes! Because you're running a well-known generic CMS, whose code is public domain, thus everybody knows where to search for stuff, then you better have as a good knowledge of it as the next guy who will be "knocking" on your website's door. This is why my position on generic CMS, forums etc has always been a NO GO!... especially for people who don't realize the challenge they are facing, by just using it. Of course, no one is listening to my extremist view on this :-) For the admin section of the Wordpress CMS, it's a well-know target for script kiddies. The IP-filtering is the classic shield, as suggested above. Good luck anyway! RE: More wordpress security for login management page - humanpuff69 - 05-26-2020 (05-17-2020, 05:11 PM)fChk Wrote: I did post a reply yesterday where I was asking the OP's author to tell us what web server he was running. After a brief reflection, I removed it... it is true . no system is safe and datacenter probably only have protection for DDOS attack . i rarely see datacenter have WAF that actually protect web application . for the security of wordpress or CMS it is up to you . start by installing security plugin to prevent most wordpress attack . and also use WAF or web application firewall if available to prevent attack of the web application . in this case wordpress RE: More wordpress security for login management page - xdude - 05-26-2020 OP's site is getting brute forced and it's kinda happen to most of CMS sites. As for Wordpress the most common attacks happens to WP-Admin.php and xmlrpc.php. the later one has to deal with .htaccess. You need to put an deny rule for it direct access to xmlrpc.php and limited the access to few IP addresses such as Jetpack server. As for wp-admin I use a plugin call WPS Hide Login. It changes the login url to whatever you like and returen a 404 for original one. RE: More wordpress security for login management page - deanhills - 05-26-2020 (05-16-2020, 01:58 PM)hamed Wrote: Hello . My friends, I use Wordpress for my site. For more security, I want the link www.mydoamin.com/admin to be disabled, and whenever I need to login, I need to enable it ... Please help. @hamed In addition to all of the contributions in this discussion, I think the easiest and best solution is the one provided by @xdude. @xdude is a seasoned WordPress PRO. I'm going to add this to my WordPress sites from now on. (05-26-2020, 01:46 AM)xdude Wrote: As for wp-admin I use a plugin call WPS Hide Login. It changes the login url to whatever you like and returen a 404 for original one. On this note I think we've covered most of everything of how to hide your WP login. I'm going to close this discussion. If you need to re-open it at any point in time please PM me. |