
Modifying and/or removing wp-login.php Block


8 replies to this topic

#1 MikeDVB


Posted 09 May 2014 - 02:52 PM

We have had to place some blocks for wp-login.php on affected accounts in some cases.  Here are two such examples:

http://forums.mddhos...as-and-jasmine/

http://forums.mddhos...s-put-in-place/

 

We have, to ensure server stability and account speed, blocked access to the wp-login.php for any affected accounts. You can, however, allow yourself in and, if needed, remove the block entirely.

We created, if it did not exist, or appended to the /home/your-cpanel-username/.htaccess file the following lines:

 

This is not in /public_html/.htaccess.  It *is* in /.htaccess.

# The following lines have been put in place by your hosting provider as your site was under a brute force dictionary attack.
# You can provide yourself access to the wp-admin by adding an "Allow from" line with your IP address before the "Deny from all" line.
# If you need to allow multiple users in you can remove the following lines entirely if you need or you can add multiple "Allow from" lines.
#
# If you have any questions about this at all, do please get with your hosting provider for support.
#
<Files "wp-login.php">
Order Deny,Allow
# Uncomment the following line and change the number to your IP address.  You can find your IP address at http://www.whatismyip.com/
# Allow from 123.456.789.012
Deny from all
</Files>
#
#
# End of brute-force block.  If you do wish to remove the block entirely do not remove beyond this line.

You can remove the "#" from the beginning of the 10th line and change the number "123.456.789.012" to your IP address [ http://www.mddhostin.../whatismyip.php / http://www.whatismyip.com/ ]. This will permit you the ability to log into your WP-Admin while keeping attackers out.

You can make these changes via FTP: in the "/" folder you will see a file called ".htaccess". Or you can do it via the cPanel -> File Manager [also in "/"], but you may need to set it to show hidden files.

Do please understand that if your wp-login.php has been blocked with this code it is because your site was under attack by bots trying to guess your passwords. We hate to make modifications to client accounts, however, in this case we have been forced to do so to ensure server stability.

If you have any questions at all about this do not hesitate to ask. If the question is specific to your account it is likely best if you open a new support ticket and reference this thread.


Michael Denney - MDDHosting LLC - Providing Hosting since 2007
Scalable shared hosting plans in the cloud! Check them out!
Highly Available Cloud Shared, Reseller, and VPS
http://www.mddhosting.com/
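
Added example, not part of the original post or of MDDHosting's tooling: a small evaluator for the Apache 2.2-style `Order` / `Allow from` / `Deny from` rules used in the block above, showing whether a given client IP reaches wp-login.php under each `Order` value. The sample block, the addresses 203.0.113.7 and 198.51.100.9 (documentation ranges) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample mirroring the host's <Files> block; {order} and {allow} are filled in below.
TEMPLATE = """<Files "wp-login.php">
Order {order}
{allow}
Deny from all
</Files>"""

def parse_block(text):
    """Collect Order, Allow and Deny arguments; comments and <Files> tags are skipped."""
    order, allows, denies = "deny,allow", [], []   # Deny,Allow is Apache's default order
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith(("#", "<")):
            continue
        key = words[0].lower()
        if key == "order":
            order = "".join(words[1:]).lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allows if key == "allow" else denies).extend(words[2:])
    return order, allows, denies

def matches(client, specs):
    """True if client falls in any spec: 'all', a single IP, or a CIDR range."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        try:
            if ip in ipaddress.ip_network(spec, strict=False):
                return True
        except ValueError:
            continue   # hostnames and partial IPs are not modelled here
    return False

def is_allowed(block, client):
    order, allows, denies = parse_block(block)
    allowed, denied = matches(client, allows), matches(client, denies)
    if order == "allow,deny":
        # Must match an Allow and no Deny, so "Deny from all" overrides every Allow.
        return allowed and not denied
    # Deny,Allow: a Deny match is rejected unless an Allow also matches.
    return allowed or not denied

def can_log_in(order, allow_line, client):
    return is_allowed(TEMPLATE.format(order=order, allow=allow_line), client)

if __name__ == "__main__":
    for order in ("Allow,Deny", "Deny,Allow"):
        print(order, can_log_in(order, "Allow from 203.0.113.7", "203.0.113.7"))
```

The evaluator models only the 2.2-style directives; on Apache 2.4 they are provided by mod_access_compat, and the native equivalent is `Require ip`.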

#2 Leah2


Posted 07 June 2014 - 06:20 PM

As usual MDD is doing a great job!

 

Is there any chance of changes like these going out to affected accounts in an email blast in the future? Kind of a heads up? I know you can't do it for every issue...

 

Thanks again,

 

L



Electronic Logic Concepts

 

“What is Your Digital Strategy? Websites Built With SEO First Practices”

 

www.ELC-SEO.com


#3 HelgeSverre


Posted 26 June 2014 - 03:26 PM

Really nice work guys, although I'd like to be notified of this next time. :P



I am a Freelance Web Developer (I'm for hire)

I also blog about Web Development, Music and Randomness


#4 Nora


Posted 26 June 2014 - 03:52 PM

Thanks a lot for the very clear instructions (even a newbie like me was able to follow!)

 

I still have a question. I installed the Rename wp-login.php plugin as suggested, do I need to remove the block entirely now or should I leave it? What are the consequences of one or the other option? Okay, that's 2 questions :)



#5 Randy A


Posted 27 June 2014 - 04:13 PM

My site was one affected ... and I'm happy that Michael and the team at MDD stepped in to help protect my site!

 

I've now updated my site to rename the wp-admin.  



#6 brent


Posted 30 June 2014 - 06:06 AM

> Really nice work guys, although I'd like to be notified of this next time. :P

Yeah. A notification (email most probably) to affected clients would be nice. ;)



#7 MikeDVB


Posted 30 June 2014 - 11:47 AM

> Yeah. A notification (email most probably) to affected clients would be nice. ;)

Working on it.  That said, taking your wp-admin offline is better than simply letting your whole site go offline or suspending the whole account to prevent collateral damage :).



#8 tgl


Posted 16 March 2015 - 03:32 PM

Now that the plugin originally recommended by MDD is no longer supported: http://d.pr/i/1kjWv what are customers to use to avoid the secondary authentication that gets applied when you try to access /wp-admin?

 

It's not feasible for sites that welcome public registration (e-commerce sites for example) to have to deal with the second layer security and try to add additional user names with passwords.



#9 MikeDVB


Posted 16 March 2015 - 07:37 PM

> Now that the plugin originally recommended by MDD is no longer supported: http://d.pr/i/1kjWv what are customers to use to avoid the secondary authentication that gets applied when you try to access /wp-admin?

We simply made our users aware of the plug-in as it appeared to fix the issue at the time. It is unfortunate that the developer has discontinued the plugin and I do not have any recommendations on a replacement.

You would need to put some research into plugins to protect yourself if the need arose.
 

> It's not feasible for sites that welcome public registration (e-commerce sites for example) to have to deal with the second layer security and try to add additional user names with passwords.

Nobody is forcing it - if you want to stay under brute force attack you can remove the password protection. Understand your site may become slow and/or completely unresponsive under the load of such an attack without proper optimization.