
Wordpress wp-admin protection being bypassed by bots?

Discussion in 'Blogs & CMS usage' started by joshuah, Jul 15, 2017.

  1. joshuah

    For some strange reason I've been getting a heap of bots from random IP addresses trying to log in to WordPress admin but getting blocked... even though (at least I think) the wp-admin protection is enabled (installed via option 22).

    All the logs look like this:

    Code:
    Message: User authentication failed: webadmin; password: FailedLoginFooter 
    They obviously use the correct admin username (which is weird)... there are two sites which have it as well... odd!
     
  2. joshuah

    They are all using the same password though?
     
  3. eva2000

    Have you verified wp-login.php HTTP authentication is working? Output for
    Code (Text):
    curl -I http://yourdomain.com/wp-login.php
    

    What do the nginx vhost's access and error logs say for those /wp-login.php requests?

    What do the contents of the site's nginx vhost yourdomain.com.conf file look like?
     
  4. eva2000

    Or maybe: are there ways of logging in that bypass wp-login.php altogether?
    Centmin Mod menu option 22 installed WordPress usually installs the disable-xml-rpc WP plugin to auto-disable XML-RPC and rate limits xmlrpc.php requests.
     
    Last edited: Jul 15, 2017
  5. inthecloudblog

    Changing the location and name helped me in the past.
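
An added example, not part of any post in this thread: a shell function that works through the two checks eva2000 asks about, namely what the access log shows for /wp-login.php requests and whether login attempts are arriving by a path other than wp-login.php (xmlrpc.php here). It assumes nginx's default "combined" log format; the sample lines, function names and verdict labels are constructed for illustration.

```shell
# Constructed sample lines in nginx "combined" format (documentation IPs),
# not taken from the thread.
sample_log() {
cat <<'EOF'
203.0.113.10 - - [15/Jul/2017:18:40:01 +1000] "POST /wp-login.php HTTP/1.1" 401 188 "-" "Mozilla/5.0"
203.0.113.11 - - [15/Jul/2017:18:40:03 +1000] "POST /wp-login.php HTTP/1.1" 401 188 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Jul/2017:18:40:05 +1000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.8 - - [15/Jul/2017:18:40:06 +1000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
192.0.2.44 - webadmin [15/Jul/2017:18:41:00 +1000] "POST /wp-login.php HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
198.51.100.9 - - [15/Jul/2017:18:41:05 +1000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
192.0.2.50 - - [15/Jul/2017:18:41:10 +1000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

# Tally POSTs to the two WordPress login entry points and label each one.
# Simplifying assumption: 401/403/429/444/503 mean nginx stopped the request
# (auth challenge, deny, rate limit); any other status reached WordPress.
# Field 3 is $remote_user: "-" means no HTTP basic auth credentials were sent.
login_path_summary() {
  awk '
    $6 == "\"POST" {
      path = $7
      sub(/\?.*/, "", path)                      # drop any query string
      if (path != "/wp-login.php" && path != "/xmlrpc.php") next
      if ($9 ~ /^(401|403|429|444|503)$/)        verdict = "blocked"
      else if (path == "/xmlrpc.php")            verdict = "reached-wp-via-xmlrpc"
      else if ($3 == "-")                        verdict = "reached-wp-without-basic-auth"
      else                                       verdict = "reached-wp-after-basic-auth"
      count[path " " verdict]++
    }
    END { for (k in count) print count[k], k }
  ' "$@" | LC_ALL=C sort -k2,3
}

# Run against the constructed sample; pass a real access log path instead
# (e.g. login_path_summary /path/to/access.log) to check a live vhost.
sample_log | login_path_summary
```

Any `reached-wp-without-basic-auth` or `reached-wp-via-xmlrpc` rows mean failed-login messages in WordPress can appear even though the wp-login.php protection is answering other requests with 401.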