Read For Learn

WordPress login security

No, the requests will still happen, even if it results in a 404. If you keep logging, you’ll also notice attempts to log in to Drupal, Joomla, and other major CMSs, including server exploits for IIS, Apache, and Nginx.

This is because they’re automated opportunistic requests. They’re not actually looking at your site; they’re only looking for successful logins. Most sites get these, sometimes in large spikes, sometimes as consistent background noise.

If you’re worried about your security though, I’d suggest that you:

  • Add a brute force login mechanism, such as the one included in Jetpack, or the popular limit logins plugin
  • Force a minimum password strength. There are several plugins that can do this for you, though I can’t recommend one
  • Use two-factor authentication

Other than that, there isn’t anything you can do to eliminate the possibility short of a major breakthrough in computer security research. Moving your login page will either break things, or it’ll only work for those bots that are particularly stupid.

Anyone can visit the login page of a site via rewrite rules by going to /login if pretty permalinks are turned on, they can use XMLRPC, and they can visit the admin area at wp-admin and be redirected to the login page. If you move the admin area, aside from breaking things, the user can still visit /admin and be redirected anyway. Moving things sounds like the answer, but it really isn’t. It’ll just give you a false sense of security, which is far more dangerous.
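An added example, not part of the original answer: a small access-log triage script that counts hits on the WordPress login entry points named above (wp-login.php, XMLRPC, and the /login, /admin and wp-admin redirects) alongside Joomla and Drupal login probes, per client IP, including requests that ended in a 404. The log lines are constructed samples in combined log format, and the function names, the threshold of 3 and the Joomla/Drupal path patterns are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample access-log lines (combined format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:04:11:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:11:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:11:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:11:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:05:02:10 +0000] "GET /administrator/index.php HTTP/1.1" 404 162 "-" "-"
198.51.100.23 - - [10/Mar/2024:05:02:11 +0000] "POST /user/login HTTP/1.1" 404 162 "-" "-"
198.51.100.23 - - [10/Mar/2024:05:02:12 +0000] "POST /wp-login.php HTTP/1.1" 404 162 "-" "-"
192.0.2.10 - - [10/Mar/2024:09:30:00 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:09:30:05 +0000] "GET /wp-admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Captures: client IP, request path, response status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Login surfaces to watch; first matching pattern wins.
TARGETS = [
    ("wp-login", re.compile(r"^/wp-login\.php")),
    ("wp-xmlrpc", re.compile(r"^/xmlrpc\.php")),
    ("wp-redirect", re.compile(r"^/(login|admin|wp-admin)/?($|\?)")),
    ("joomla", re.compile(r"^/administrator(/|$)")),
    ("drupal", re.compile(r"^/user/login")),
]

def classify(path):
    """Return the login-surface label for a request path, or None."""
    for label, pattern in TARGETS:
        if pattern.search(path):
            return label
    return None

def summarize(log_text, threshold=3):
    """Per-IP counts of login-surface hits; flag IPs at or above threshold."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        label = classify(m.group(2)) if m else None
        if label is None:
            continue  # unparseable line or ordinary page request
        entry = report.setdefault(
            m.group(1), {"total": 0, "by_target": Counter(), "not_found": 0})
        entry["total"] += 1
        entry["by_target"][label] += 1
        entry["not_found"] += int(m.group(3) == "404")  # probes still arrive as 404s
    for entry in report.values():
        entry["flagged"] = entry["total"] >= threshold
    return report
```
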
