Jeffrey's Log

Archives | Subscribe


Recovering from wp-login.php attack


Recently I was not able to login to my wordpress account. If I visit my wp-login.php page, I was getting a 403 error. Initially I thought it was problem with my wordpress installation but it was not. The error was because of a brute force attack on the wordpress login pages. My server was blocking access to this page. Lot of people are facing this problem. So I thought of blogging. There are plugins to block this attack. But they can only be installed and activated once you are able to login.

Below is the solution for the wp-login.php issue which I found from internet. My initial target was to login. The quickest solution was to rename wp-login.php to a new file name and also replace with the new file name in the renamed wp-login.php file. In the following link, you will get the details how to do http://wordpress.org/support/topic/wp-loginphp-change-to-your-custom-url. This is not a recommended method but a quick solution to get a login.

Once you login, you can search for wordpress security plugins. Some restricts the number of login, some hides the login page. Search and install which one you found better. I am using Better WP Security. Once you enable your security plugin, I would suggest to revert back to file name wp-login.php and also replace inside the php file.

Happy blogging!

Posted in: Blog, Review | Tagged under: , , , | 2 Comments