Rename wp-login.php

Home Forums BulletProof Security Free Rename wp-login.php

This topic contains 2 replies, has 2 voices, and was last updated by  Eyef 1 year, 5 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #32028

    Eyef
    Participant

    Hello.
    I have some problems.
    My site was hacked and now i do better protection.
    I have deleted all files from server and entire database)
    I have changed hosting password, install clear last version of wp and 1 new free wp theme from wordpress.org (theme cheked on themecheck.org – and cleared)
    I have created new DB with new name, new prefix, new pass.
    A have changed ftp pass.
    I install BPS and some plugings. Also i have renamed wp-login.php to random generated word with 10+ characters.
    And use autoreplace inside this file to replace wp-login.php to mynewname.php (example)
    and replace wp-login.php inside file general-template.php to mynewname.php

    After that i see 403 error and can’t login on my site by
    mysite.com\mynewname.php
    Also if i write
    mysite.com\wp-admin – it redirects to mysite.com\mynewname.php and i also see 403 error)

    my .htacess file contains XML-RPC protection bonus code, brute-force protection bonus code, POST Request Attack Protection and deny all protection for wp-login.php (to reduce site load)

    RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
    RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
    RewriteRule ^(.*)$ - [F,L]
    
    <FilesMatch "^(xmlrpc\.php)">
    Order Deny,Allow
    #Allow from x.x.x.
    Deny from all
    Order Deny,Allow
    Deny from all
    
    RewriteCond %{REQUEST_METHOD} POST [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-admin/ [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-cron.php [NC]
    # NEVER COMMENT OUT THIS LINE OF CODE BELOW FOR ANY REASON
    RewriteCond %{REQUEST_URI} !^.*/wp-login.php [NC]

    p.s. right now hackers sends more than 170 POST Request and more than 110 GET Request to my site.
    They wants to hack me with /xmlrpc.php) Because of that i can’t delete .htaccess from root folder.
    Without that – i can’t login.
    And i have dinamic IP.

    #32030

    AITpro Admin
    Keymaster

    There are several plugins that do that.  This is a good one and it has been tested and works with BPS:  Rename wp-login.php:  https://wordpress.org/plugins/rename-wp-login/

    #32032

    Eyef
    Participant

    Ok. I deleted my renamed file and turned back old)
    With this plugin login form works good.
    I hope this plugin does not make large server load.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.