[ad_1]
I use a security plugin that hides my login slug so it’s no longer blank.com/wp-admin but instead a really long, almost random password where the wp-admin would normally be. I have about ten or twelve sites parked and this site is probably the most promising in terms of a memorable name and it’s the only site that I get daily security warnings about locking out IP addresses for too many attempts to login.
[ad_2]
Change the url again?
There’s a famous saying in cybersecurity, “security by obscurity is no security at all.” Changing the URL is just a fool’s errand. Maybe the new URL is included in your sitemap or hidden on an HTML page somewhere and a bot found it. Maybe your hosting provider’s web server logs were compromised or sold. Whatever happened will probably happen again.
The important thing is that your security plugin caught the failed login attempts and blocked the IP addresses. You can and should use two-factor authentication as well.
It should make no difference if your login page is the default or a random string that changes every 30 seconds because your login process should be impervious to brute-force attempts.
Some “security” plugins don’t block /wp-login.php so changing /wp-admin doesn’t change anything. Even if they do, security by obscurity is not real security. Use strong passwords (ie randomly generated), rate limit like you already are doing and 2FA if you want to be extra safe. Wordfence is a great security plugin and rate limits logins. Do NOT install multiple security plugins that do the same thing.
Ultimately the warning about locking out IP’s is a good thing. Its doing what it should be doing. Bots will attempt to login and get blocked after just a few attempts and move on to another site.
Wordfence Premium has a really good firewall that preemptively blocks IPs based on activity across other protected sites. The company also finds a LOT of plugin vulnerabilities and attempt to mitigate the vulnerability until an update is released.
Go to blank.com/xmlrpc.php and check if it’s been left open. If yes, then it could be they are attempting to login via the WordPress API which is a legacy default.
You can disable it in your .htaccess file with:
<Files “xmlrpc.php”>
Require all denied
</Files>
Do you have a firewall? Have you installed Word fence and done country blocking? Is the website hosted on a rock solid secure local Web host?