We were forced to temporarily disable access to the wp-login.php script on some accounts that were being brute forced [bots guessing passwords via wp-login.php] hard enough to affect overall server performance for everybody. This block only disables access to the admin and keeps the rest of your site online.
We would **strongly** suggest you follow the steps outlined below. If you do, you will not end up with a block put in place again, as bots will not be able to find your log-in to brute force it. If you simply remove the block and take no additional steps, it's possible that the block will be put back in place again. Directions to remove the block can be found at the bottom.
This plugin is available directly from the WordPress plugin library via Dashboard -> Plugins -> Add New -> Search for "Rename wp-login.php" or can be downloaded to install manually at http://wordpress.org...ename-wp-login/.
(If you have already installed the plugin please scroll to the bottom of this page)
We strongly advise you take a full backup of your database and/or your cPanel account prior to installing or configuring either of these plugins just in case. It is possible if you're running an outdated version of WordPress, outdated plugins, or outdated themes that you could run into issues.
Once the "Rename wp-login.php" plugin is installed, you can change "wp-login.php" to anything you'd like, without interfering with site functionality at all, via the Settings -> Permalinks options.
In my case I simply changed it to "login-wp" but it really doesn't matter what you change it to as your wp-admin will redirect there automatically just as it would normally do with the default wp-login.php.
To gain access to your WPAdmin backend to make these changes it will probably be necessary to remove the block that was put in place. We created, if it did not exist, or appended to the /home/your-cpanel-username/.htaccess file the following lines:
This is not in /public_html/.htaccess. It *is* in /.htaccess.
```
# The following lines have been put in place by your hosting provider as your site was under a brute force dictionary attack.
# You can provide yourself access to the wp-admin by adding an "Allow from" line with your IP address before the "Deny from all" line.
# If you need to allow multiple users in you can remove the following lines entirely if you need or you can add multiple "Allow from" lines.
#
# If you have any questions about this at all, do please get with your hosting provider for support.
#
<Files "wp-login.php">
Order Allow,Deny
# Uncomment the following line and change the number to your IP address. You can find your IP address at http://www.whatismyip.php/
# Allow from 123.456.789.012
Deny from all
</Files>
#
#
# End of brute-force block. If you do wish to remove the block entirely do not remove beyond this line.
```
You can remove the "#" from the beginning of the 10th line and change the number "123.456.789.012" to your IP address [ http://www.mddhostin.../whatismyip.php / http://www.whatismyip.php/ ]. This will let you log into your WP-Admin while keeping attackers out.
You can make these changes via FTP: in the "/" folder you will see a file called ".htaccess". Alternatively, you can do it via cPanel -> File Manager [also in "/"], but you may need to set it to show hidden files.
IMPORTANT
You will also want to add the following lines to the .htaccess of the site you renamed:
```
# Prevent the 404 system from answering bots
RedirectMatch 403 (.*)wp-login\.php$
```
What we have seen happen is that the bots will hammer the 404 page of the site just as much as the normal page.
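One way to confirm from the access log that the rule above is answering bots with a 403 instead of the 404 page (an added example, not part of the original notice). It assumes Apache's combined log format; the sample lines, addresses and the "/login-wp" path in them are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumption: Apache "combined" log format. Adjust for a custom LogFormat.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Same path test as the RedirectMatch rule: the URL path ends in wp-login.php.
LOGIN_PATH_RE = re.compile(r'wp-login\.php$')

# Constructed sample lines using documentation-range addresses, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 404 1523 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 404 1523 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:14:10:02 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2023:14:10:05 +0000] "GET /blog/wp-login.php?action=register HTTP/1.1" 403 199 "-" "-"
198.51.100.23 - - [10/Oct/2023:14:10:06 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "-"
192.0.2.50 - - [10/Oct/2023:14:11:00 +0000] "GET /login-wp HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
192.0.2.50 - - [10/Oct/2023:14:11:04 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
""".splitlines()


def login_hits(lines):
    """Return {ip: Counter({status: count})} for requests to a path ending in wp-login.php."""
    hits = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["target"].split("?", 1)[0]  # the rule matches the path, not the query string
        if LOGIN_PATH_RE.search(path):
            hits[m["ip"]][int(m["status"])] += 1
    return hits


def not_blocked(hits):
    """Addresses that received anything other than 403 for wp-login.php."""
    return sorted(ip for ip, statuses in hits.items() if any(s != 403 for s in statuses))


if __name__ == "__main__":
    hits = login_hits(SAMPLE_LOG)
    for ip, statuses in sorted(hits.items()):
        print(ip, dict(statuses))
    print("answered with something other than 403:", not_blocked(hits))
```

Any address listed by `not_blocked` on log lines written after the rule went in means a request for wp-login.php was still served by the site (for example by the 404 page) rather than refused by Apache.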
If you have difficulty making changes to this file to install the wplogin utility please either reply to the notice or open a new ticket with us so we can assist.