If CAS is the only login method, I think your blog should be protected. But the attackers don’t care about alternative login methods. They simply send requests against wp-login.php.
So if you still have an account named “admin”, CAS cannot protect your blog. Let’s think about the worst case. Assume you have an account named “admin” with the password “1234”, but you always use CAS to log in, with a different admin account. The attackers can still access your blog through wp-login.php and can get access.
You can try to rename wp-login.php and test if everything still works. If so, fine. If not, you have to protect your blog with other additional methods (like login lockdown).
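
To check whether password logins against wp-login.php are still being attempted or accepted on a CAS site, the access log can be summarized per client. This is an added example, not part of the original answer; it assumes Combined Log Format and stock WordPress behaviour (a failed login returns 200, an accepted one returns 302), and the log lines are constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = (
    ['203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "sample"'] * 3
    + ['203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "sample"']
    + ['198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "sample"'] * 3
    + ['192.0.2.5 - - [10/Mar/2024:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2900 "-" "sample"']
)

def summarize_wp_login(lines, fail_threshold=3):
    """Count password-login POSTs to wp-login.php per client IP and flag them."""
    stats = defaultdict(lambda: {"failed": 0, "succeeded": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path, _, query = m["path"].partition("?")
        # Skip other wp-login.php actions (lostpassword, postpass, ...) that also POST here.
        if not path.endswith("/wp-login.php") or ("action=" in query and "action=login" not in query):
            continue
        # Assumption: stock WordPress re-renders the form (200) on failure, redirects (302) on success.
        if m["status"] == "302":
            stats[m["ip"]]["succeeded"] += 1
        elif m["status"] == "200":
            stats[m["ip"]]["failed"] += 1
    report = {}
    for ip, s in stats.items():
        if s["succeeded"]:
            # On a CAS-only site any accepted password login deserves a look.
            flag = "password-login-after-failures" if s["failed"] >= fail_threshold else "password-login"
        else:
            flag = "repeated-failures" if s["failed"] >= fail_threshold else "none"
        report[ip] = {**s, "flag": flag}
    return report

if __name__ == "__main__":
    for ip, row in summarize_wp_login(SAMPLE_LOG).items():
        print(ip, row)
```

Plugins that change the login response codes will break the 200/302 assumption, so confirm it against a known failed and a known successful login on the site first.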