Plugin Author
WPChef
(@wpchefgadget)
Please let us know which plugin you used for that. If it uses regular WP authorization hooks, LLAR should work with it just fine.
Thread Starter
sme9
(@sme9)
I used a plug-in called Admin and Site Enhancements (ASE)
What are the “regular WP authorization hooks”?
I have deleted login.php in the root but still i get multiple warnings (emails). So my question is the same as sme9: Where does it measure?
(To make it clear, I restore the file login.php when I want to login, after I write a new post, I again delete the file login.php, plus I have .htaccess in the folder wp-admin which deny all ip-addresses except for the ip-address I have at that moment when I want to login and then I even remove that ip-address from the .htaccess).
I found the pitfall, it is this file: xmlrpc.php
Read here how to disable it: What Is xmlrpc.php in WordPress and Why You Should Disable It (hostinger.com)
add this to .htaccess:
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
Plugin Author
WPChef
(@wpchefgadget)
Yes, there are several login gateways in WP, not just wp-login.php. You’re correct, the xmlrpc one gets attacked too. Other plugins might create their own login pages, like Woocommerce.
