Jeffrey's Log

Archives | Subscribe

Recovering from wp-login.php attack

Recently I was not able to login to my wordpress account. If I visit my wp-login.php page, I was getting a 403 error. Initially I thought it was problem with my wordpress installation but it was not. The error was because of a brute force attack on the wordpress login pages. My server was blocking access to this page. Lot of people are facing this problem. So I thought of blogging. There are plugins to block this attack. But they can only be installed and activated once you are able to login.

Below is the solution for the wp-login.php issue which I found from internet. My initial target was to login. The quickest solution was to rename wp-login.php to a new file name and also replace with the new file name in the renamed wp-login.php file. In the following link, you will get the details how to do This is not a recommended method but a quick solution to get a login.

Once you login, you can search for wordpress security plugins. Some restricts the number of login, some hides the login page. Search and install which one you found better. I am using Better WP Security. Once you enable your security plugin, I would suggest to revert back to file name wp-login.php and also replace inside the php file.

Happy blogging!

Posted in: Blog, Review | Tagged under: , , , | 2 Comments


  1. Posted May 2, 2013 at 7:20 AM | Permalink

    Hello Jeffrey,

    I had a brand new site hacked before it was even publicized recently. I am trying out Better WP Security too as well as Wordfence. I have already been warned of another attack via one of WP’s pre-installed themes, so it’s best to delete those.

  2. Posted May 2, 2013 at 11:50 PM | Permalink

    i hate these errors, they sometimes surprise you and you don’t know what to do…

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>