[ad_1]
Every day I have several login attempts for one of my websites. Spaced like 12 hours apart and from different IP addresses (using a VPN I imagine) so the auto-block feature won’t be activated.
I have the login address for my website changed from the normal wp-admin to a word of my choosing to prevent this from happening. How do I keep getting these login attempts? The emails I get about it have a backtrace attached but I haven’t figured out how that is helpful at all.
Thank you
[ad_2]
Because they are using xmlrpc to attack so your naming does nothing.
If you are only getting a few, count yourself lucky. There really is nothing you can do to stop 100% of these attempts. Just use best practices with strong passwords, 2FA, dont use ‘admin’ as a username, Cloudflare free definitely helps, and a solid security plugin like Shield Security. And as someone else mentioned, hiding your login isnt going to help.
Obfuscation is not security. Login security should be handled by strong passwords, 2fa, and blocking non-existing username attempts. Obfuscation is only for DDoS mitigation.