Author Topic: wp-login.php  (Read 1578 times)


Offline Maumelle Weather

  • Forecaster
  • *****
  • Posts: 1827
    • Maumelle Weather
wp-login.php
« on: May 10, 2017, 01:14:07 PM »
Has anyone else seen a dramatic increase in the number of wp-login.php hits in their logs?  Hits on mine have gone up tremendously in the last few days.

Today's logs so far show hits from the following countries:  Uruguay, Indonesia, Pakistan, Canada, The Netherlands, Korea, United States, Estonia, India, Philippines, Mongolia, Romania, Oman, etc.

For those who have the capability to use an .htaccess file on their webhost, you can add the following to that file to block the requests:

<Files wp-login.php>
Order Deny,Allow
Deny from All
</Files>

When using the above, make sure you know how (punctuation is everything), otherwise when you go to your website, you will get a 500 server error and then wonder why your site isn't working.


John
GR2AE, GR3, Cumulus

Offline Jáchym

  • Meteotemplate Developer
  • Forecaster
  • *****
  • Posts: 8605
    • Meteotemplate
Re: wp-login.php
« Reply #1 on: May 10, 2017, 01:20:06 PM »
Hi John,
I think it is not like something major changed now - it is usually the case that you were discovered by some nasty bot, which then shares it with many other ones and so it is like a chain reaction. I had this problem too in the past, where some bot discovered my guestbook and for the next few days it was just spam after spam.

Offline Maumelle Weather

  • Forecaster
  • *****
  • Posts: 1827
    • Maumelle Weather
Re: wp-login.php
« Reply #2 on: May 10, 2017, 01:24:20 PM »
That may well be possible. I normally have 10-30 hits a day on wp-login.php, but then it suddenly jumped to over 100 a day.
GR2AE, GR3, Cumulus

Offline miraculon

  • Sunrise Side Weather
  • Forecaster
  • *****
  • Posts: 4109
  • KE8DAF
    • Sunrise Side Weather in Rogers City MI USA
Re: wp-login.php
« Reply #3 on: May 10, 2017, 01:34:50 PM »
I had a rash of this wp-login.php at the first of this year (2017). It got so bad that my site would not load.
At first I tried blocking the offending IP addresses, but this got away from me in short order.
Then, I tried adapting a "bot trap" and that seemed to work, but I ended up using the same .htaccess command that John S. mentioned.
I have both of them in my .htaccess, belts and suspenders....  :-)

Greg H.



Blitzortung Stations #706 and #1682
CoCoRaHS: MI-PI-1
CWOP: CW4114 and KE8DAF-13
WU: KMIROGER7
Amateur Radio Callsign: KE8DAF

Offline Maumelle Weather

  • Forecaster
  • *****
  • Posts: 1827
    • Maumelle Weather
Re: wp-login.php
« Reply #4 on: May 10, 2017, 01:39:11 PM »
Agreed, Greg.

Playing "whack-a-mole" with the wp-login.php IP list got old quick. With my .htaccess list, I now add only the worst offenders, especially considering my file is now over 1100 lines long. It's an extensive list with the IPs being broken down by country. I have several complete countries in said list.

John
GR2AE, GR3, Cumulus
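
Added example, not part of any post in this thread: a small Python script that measures what the posts above describe, counting wp-login.php requests per day, ranking the source IPs, and tallying response codes so you can confirm the .htaccess deny rule is answering with 403. It assumes Apache common/combined log format; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format: client IP, identity, user, [timestamp], "request", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation-range IPs), not taken from a real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/May/2017:08:01:11 -0500] "GET /wp-login.php HTTP/1.1" 404 512',
    '198.51.100.7 - - [10/May/2017:13:02:40 -0500] "POST /wp-login.php HTTP/1.1" 403 199',
    '198.51.100.7 - - [10/May/2017:13:02:41 -0500] "POST /wp-login.php HTTP/1.1" 403 199',
    '203.0.113.5 - - [10/May/2017:13:05:02 -0500] "GET /blog/wp-login.php?action=register HTTP/1.1" 403 199',
    '192.0.2.10 - - [10/May/2017:13:06:00 -0500] "GET /index.php HTTP/1.1" 200 8042',
    'garbage line that is not a log entry',
]

def wp_login_hits(lines, target="/wp-login.php"):
    """Return (hits per day, hits per source IP, hits per status) for requests to target."""
    per_day, per_ip, per_status = Counter(), Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        # Drop the query string and ignore case so /blog/WP-Login.php?x=1 still counts.
        path = m.group("path").split("?", 1)[0].lower()
        if path.endswith(target):
            per_day[m.group("day")] += 1
            per_ip[m.group("ip")] += 1
            per_status[m.group("status")] += 1
    return per_day, per_ip, per_status

def spike_days(per_day, baseline):
    """Days (in log order) whose hit count exceeds the usual daily baseline."""
    return [day for day, n in per_day.items() if n > baseline]

if __name__ == "__main__":
    days, ips, statuses = wp_login_hits(SAMPLE_LOG)
    print("hits per day:", dict(days))
    print("worst offenders:", ips.most_common(3))
    print("status codes:", dict(statuses))  # mostly 403 means the deny rule is in effect
    print("days above baseline of 2:", spike_days(days, baseline=2))
```

To run it on a real log, pass an open file instead of `SAMPLE_LOG` and set `baseline` to your normal daily count.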

Offline vreihen

  • El Niño chaser
  • Forecaster
  • *****
  • Posts: 1216
  • K2BIG
Re: wp-login.php
« Reply #5 on: May 10, 2017, 07:32:04 PM »
Looks like the script kiddies found another WordPress hole, and are scanning web sites looking for vulnerable ones.....
WU Gold Stars for everyone! :lol: