WordPress wp-admin protection being bypassed by bots?

Discussion in 'Blogs & CMS usage' started by joshuah, Jul 15, 2017.

  1. joshuah

    joshuah Member

    For some strange reason I've been getting a heap of bots from random IP addresses trying to log in to WordPress admin but getting blocked... even though (at least I think) the wp-admin protection is enabled (installed via option 22).

    All the logs look like this:

    Code:
    Message: User authentication failed: webadmin; password: FailedLoginFooter 
    They obviously use the correct admin username (which is weird)... there are two sites which have it as well... odd!
     
  2. joshuah

    joshuah Member

    They are all using the same password though?
     
  3. eva2000

    eva2000 Administrator Staff Member

    Have you verified wp-login.php HTTP authentication is working? Output for
    Code (Text):
    curl -I http://yourdomain.com/wp-login.php
    

    What do the nginx vhost's access and error logs say for those /wp-login.php requests?

    What do the contents of the site's nginx vhost yourdomain.com.conf file look like?
     
  4. eva2000

    eva2000 Administrator Staff Member

    Or maybe: Are there ways of logging in that bypass wp-login.php altogether?
    A WordPress install via Centmin Mod menu option 22 usually installs the disable-xml-rpc WP plugin to auto-disable XML-RPC, and rate limits xmlrpc.php requests.
     
    Last edited: Jul 15, 2017
  5. inthecloudblog

    inthecloudblog Active Member

    Changing the location and name helped me in the past.
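
The access-log check asked for in the replies above, as an added example that is not part of any post in this thread: it tallies POSTs to wp-login.php and xmlrpc.php by status code, showing whether attempts are stopped with 401 at nginx or handed on to WordPress. It assumes nginx's default combined log format; the sample lines, function names and the `SERVED` status set are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in nginx's default "combined" log format
# (documentation-range IPs; not taken from the thread).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Jul/2017:09:30:01 +1000] "POST /wp-login.php HTTP/1.1" 401 188 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Jul/2017:09:30:04 +1000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.25 - - [15/Jul/2017:09:30:09 +1000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
192.0.2.10 - - [15/Jul/2017:09:30:12 +1000] "GET /wp-login.php HTTP/1.1" 401 188 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Jul/2017:09:30:15 +1000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.99 - - [15/Jul/2017:09:30:20 +1000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
"""

# Fields: ip, ident, user, [time], "METHOD uri proto", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")
SERVED = (200, 302)  # assumption: these statuses mean nginx passed the request to WordPress


def tally(log_text):
    """Count POSTs per (path, status) for the two login-capable endpoints."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["uri"].split("?", 1)[0]  # ignore the query string
        if path in LOGIN_PATHS:
            counts[(path, int(m["status"]))] += 1
    return counts


def served_by_wordpress(counts):
    """Per endpoint, how many POSTs nginx did not stop (no 401/403 etc.)."""
    return {
        path: sum(n for (p, s), n in counts.items() if p == path and s in SERVED)
        for path in LOGIN_PATHS
    }


if __name__ == "__main__":
    for (path, status), n in sorted(tally(SAMPLE_LOG).items()):
        print(f"{path} {status} x{n}")
    print(served_by_wordpress(tally(SAMPLE_LOG)))
```

A 200 on xmlrpc.php only shows the request was not blocked at nginx; whether the disable-xml-rpc plugin then rejected it has to be checked in WordPress itself.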