
Thread: Blocking bots' access to WP login

  1. #1
    Top Contributor

    [[Edit: the following threads had taken a more general discussion off topic. For the original discussion, please see this thread:
    http://experienced-people.net/forums...h-bot-nonsense ]]

    Thanks to all who have dumped their wisdom into the posts above. Thinking about the suggestion of making wp-login accessible only via a secret page, I had another idea - what if I just change the name of wp-login to something else? Haven't tried it, but...
    Last edited by Kay; 4 January 2013 at 10:17 am. Reason: split thread

  2. #2
    Top Contributor Dave McM is a Premium Member
    Depends how many other scripts call it, Chabrenas - you might have to spend a while checking that out before simply changing the file name, unless of course you're the only user and no other scripts are broken by the absence of wp-login.php.

  3. #3
    Top Contributor
    I'm the only user, which is why I thought it might be simpler - and more difficult to crack - if I just changed the filename.

  4. #4
    Top Contributor Dave McM is a Premium Member
    Yes, I understand that. And even if you're not the only user, you could always tell other trusted people the new file name. But are you sure that no other scripts will be broken if there's no file called wp-login.php? That seems like an important consideration to me.

  5. #5
    Top Contributor
    No. I'm not sure. But no plugins have asked me to specify WP login details so that they could automatically log in, and I don't want anyone else to log in manually. Can you think of any other reason for invoking wp-login.php?

  6. #6
    Junior Member
    On WordPress security, I've recently started using 2 plugins that I can highly recommend:

    Better WP Security combines many security features in a single plugin - it can also create backups, does intrusion detection and monitors file changes. It has a clear interface and I find it well built and easy to use.

    The other one is Wordfence which can act as a kind of firewall and scans your site for malware, also well worth looking into.

  7. The Following User Says Thank You to Dave For This Useful Post:

    Chabrenas (1 March 2013)

  8. #7
    Top Contributor
    Update: I tried a couple of plugins, but couldn't get them to work properly. Rather than waste any more time, I just changed wp-login.php's name. That has worked fine for 3 months, and renaming it before and after logging in to create a new post, etc., is simple and foolproof.

  9. The Following User Says Thank You to Chabrenas For This Useful Post:

    JimWaller (26 May 2013)

  10. #8
    aka "bryanon"
    I'm not a big fan of changing around the core functions of a software package as doing it usually triggers a whole enchilada of problems, with the simplest one being things not getting properly updated when a new version of the said software package is released.

    With that said, why don't you just apply an .htaccess auth to your /wp-admin directory?

    This way any local scripts can still access the files within your /wp-admin directory at their correct paths, but at the same time no-one from the outside will be able to access them without first bypassing the .htaccess authentication.

    Or alternatively, if it's only you managing the site then (provided you don't have a dynamic IP) you can always allow access from only your IP. This is what I tend to do with any systems that I don't want to be accessed from the outside.

  11. The Following User Says Thank You to Bryan For This Useful Post:

    Chabrenas (6 June 2013)
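
The two options suggested in the last post (password-protecting the admin area, or allowing only a fixed IP), written out as `.htaccess` files; this is an added example, not part of the original thread. It assumes Apache 2.4 with `AllowOverride AuthConfig` enabled, and the IP address, the `.htpasswd` path and the realm names are placeholders.

```apache
# ---- File 1: .htaccess in the WordPress root ----
# wp-login.php lives in the site root, not under /wp-admin, so a rule on
# /wp-admin alone leaves the login form reachable. Cover it explicitly.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Login gate"
    # Placeholder path: keep the password file outside the web root.
    # Create it with: htpasswd -c /home/example/.htpasswd someuser
    AuthUserFile /home/example/.htpasswd

    # Either condition is enough: the fixed IP gets straight through,
    # everyone else must pass HTTP Basic auth before WordPress even
    # sees the request. Drop "Require valid-user" for IP-only access.
    <RequireAny>
        # Placeholder address (documentation range); use your static IP.
        Require ip 203.0.113.10
        Require valid-user
    </RequireAny>
</Files>

# ---- File 2: wp-admin/.htaccess ----
AuthType Basic
AuthName "Admin area"
AuthUserFile /home/example/.htpasswd
<RequireAny>
    Require ip 203.0.113.10
    Require valid-user
</RequireAny>

# Themes and plugins call admin-ajax.php on behalf of ordinary visitors.
# Without this exemption, front-end features that use AJAX would trigger
# a password prompt for every visitor.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

Basic auth sends the credentials with every request, so serve the site over HTTPS when using the password option.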
