TBirdUK Posted October 29, 2020 Report Share Posted October 29, 2020 Can I assume the following pages are standard entry points for Wordpress sites?wp-login.php xmlrpc.php Some very repetitive IPs keep on trying to access them, Weird considering I have never used Wordpress. Quote Link to comment Share on other sites More sharing options...
theKiwi Posted October 29, 2020 Report Share Posted October 29, 2020 Yes - the first one is the page to login to the admin side of a WordPress site. The second file is a way that the owner of a WordPress site could for example create a new blog posting by sending an eMail to a particular email address connected to the site. I too have sites that aren't WordPress sites being probed continuously by arseholes looking for a way in to the site. Roger Quote Link to comment Share on other sites More sharing options...
TBirdUK Posted October 29, 2020 Author Report Share Posted October 29, 2020 Thanks Hopefully my page will discourage themhttps://smeefamily.com/wp-login.php Quote Link to comment Share on other sites More sharing options...
theKiwi Posted October 29, 2020 Report Share Posted October 29, 2020 1 hour ago, TBirdUK said: Thanks Hopefully my page will discourage themhttps://smeefamily.com/wp-login.php Probably not - these attempts are likely bots of some kind - just probing hundreds or thousands of sites looking for a file, and then when they find it, set about attacking it. My philosophy on such things is just to try and keep things up to date, and ignore all the nonsense like this. If I find something being quite egregious, then I might set about blocking their IP number, but I don't often do that, or else I'd be doing it all day. Roger Quote Link to comment Share on other sites More sharing options...
klooster Posted October 29, 2020 Report Share Posted October 29, 2020 Use a security plugin for WP, for instance “All in one WP security”, then you can change the standard WP login URL. Quote Link to comment Share on other sites More sharing options...
TBirdUK Posted October 29, 2020 Author Report Share Posted October 29, 2020 Roger Agreed, to be honest I just put pages like that up to stop them masking other problems in the site error log, I get a lot of spiders looking for pages that were on the domain years ago (pre TNG) and my "lockdown target" is to get to a 404 free site! Quote Link to comment Share on other sites More sharing options...
theKiwi Posted October 29, 2020 Report Share Posted October 29, 2020 1 hour ago, klooster said: Use a security plugin for WP, for instance “All in one WP security”, then you can change the standard WP login URL. He's not using WordPress on his site at all, so a security plug in is of no help - it's just people hoping it's a WordPress site and looking for a way in to it. Roger Quote Link to comment Share on other sites More sharing options...
klooster Posted October 30, 2020 Report Share Posted October 30, 2020 Yes Roger, you are quite right. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.