Hi @arutha176
You may use WP Security > Brute force > cookie based brute force, so you will have a secret code URL to access the site, which sets a cookie in the browser.
Also, if you have a static IP, you can use WP Security > Brute force > Login whitelist, so that only that IP address has access to the login page.
Regards
Hello! Thanks for the quick answer!
But my problem is not one of securing the site. As far as I know, there is no breach. The problem is that before I didn’t have malicious attempts to log in because my page was masked, and now I have a lot of traffic that is basically DDoS. It impacts my site.
Your suggestions are not practical for me, unhappily. And I don’t see how they will reduce the number of attacks. In other words, I would like to go back to a situation where my login page was not exposed or easily found. I don’t understand how it was exposed, so I can’t find a way to undo what was done that exposed it.
regards!
Hi @arutha176
If your new renamed login page can easily be guessed by a crawler, it can be an issue. Try using a complex, hard-to-guess renamed login page and cross-check.
You said you have a cache plugin. Does it cache that renamed login page, and is the directory where it saves that login page accessible to bots? Only then could the renamed login page be known instantly.
If that is not the case: AIOS saves the renamed login inside the database wp_options table, so only if that can somehow be read could it be known instantly. Make sure your site is not hacked and does not have any malicious code.
Regards
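
An added example, not part of the thread and not AIOS code: one way to check whether a page cache has written the renamed login slug to disk, either as a cached copy of the login page or inside another cached page. The slug `zq-mishmash-login`, the sample cache tree and the assumption that some cache files are stored gzip-compressed with a `.gz` suffix are all constructed for illustration; point `find_slug_leaks` at your own cache directory and slug.

```python
import gzip
import os
import tempfile
import zlib

SLUG = "zq-mishmash-login"  # constructed placeholder, not a real login slug

def find_slug_leaks(cache_dir, slug):
    """Return cache files (relative paths) whose path or content contains slug."""
    needle = slug.lower().encode("utf-8")
    hits = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, cache_dir).replace(os.sep, "/")
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if name.endswith(".gz"):
                try:
                    data = gzip.decompress(data)
                except (OSError, EOFError, zlib.error):
                    pass  # not valid gzip after all: scan the raw bytes
            if slug.lower() in rel.lower() or needle in data.lower():
                hits.append(rel)
    return sorted(hits)

def build_sample_cache():
    """Create a constructed cache tree in a temp dir and return its path."""
    base = tempfile.mkdtemp(prefix="cache-demo-")
    pages = {
        "example.test/index.html": b"<html><body>Home</body></html>",
        # A cached copy of the login page itself: the slug is in the path.
        "example.test/" + SLUG + "/index.html": b"<form id='loginform'></form>",
        # A compressed page whose body links to the login URL.
        "example.test/about/index.html.gz": gzip.compress(
            b"<a href='/" + SLUG.encode() + b"/'>Log in</a>"),
    }
    for rel, body in pages.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
    return base

if __name__ == "__main__":
    for hit in find_slug_leaks(build_sample_cache(), SLUG):
        print("slug found in cache file:", hit)
```

Any hit means the cache holds the slug on disk; purge the cache and exclude the login URL from caching before re-checking.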
Hi!
I completely blocked xmlrpc and purged caches. My plugin has an option to cache the “admin page” and now I made sure it is inactive. So far (some 12 hours), it looks like it is working, but I will give it some more time before changing the other site.
I checked already for hacks and malicious code and it looks like there is none. The new renamed page is something of an inside joke between some old friends that is not even in any language, a mishmash. If crawlers can guess that I’ll be convinced that AI is already sentient lol!
Let’s keep this open for some days, OK?
Oh, I have another question, pls: I know that in a multisite environment firewall controls will appear only in the main site. But is it normal behavior for the general AIOS panel on a subsite to indicate that the firewall is off?
Best regards!
Hi @arutha176
OK, let’s wait for some days, and if there is still any issue, we will try to check in more detail.
A multisite environment has firewall settings for the main site only. But the firewall rules are general and will be applied to all sites.
Providing firewall settings per subsite would be more tedious and is generally not required.
Hi!
Still good with new renamed page and so far didn’t have any problem with the full block of xmlrpc. Good!
I do have an insane number of “404 detect”, but I believe there is nothing to do there, right? Maybe a CDN later can help?
Thank you for explaining the subsite question. I would like to make a suggestion: that in the general panel subsite firewall shows as on, if it is active in the main site. Or, instead of a “firewall: off” you put some kind of notice that this is a main site config and “ok, don’t worry, your subsite is covered” (lol).
I believe I’m not the only almost newbie that is trying to protect her site and a “firewall: off” is quite scary and can give a feeling of insecurity.
Do you think we can close this topic or is it better to wait some more days?
Thank you again and best regards!
Hi @arutha176
You may use AIOS premium to automatically block IP addresses creating 404 events. Premium also has the country blocking feature.
https://aiosplugin.com/why-upgrade-to-premium/
Thanks for your suggestion that subsites should have a notice that the AIOS firewall features are applied by setting them in the main site. I will create a ticket for this internally; if approved, upcoming releases might have it.
Regards