A few days ago I noticed that someone is using a brute-force attack to try to log in to our WordPress page.
This is what I did:
1. Changed the name of the wp-login.php file and changed all URLs in the file to the new URL.
2. Added functions to change the logout URL and redirect to the home page after logout:
    add_filter( 'logout_url', 'custom_logout_url' );
    function custom_logout_url( $default ) {
        // Point the logout link at the renamed login file instead of wp-login.php.
        return str_replace( 'wp-login', 'newloginpageurl', $default );
    }

    add_action( 'wp_logout', 'auto_redirect_after_logout' );
    function auto_redirect_after_logout() {
        // After logout, send the user to the home page instead of the login screen.
        wp_safe_redirect( home_url() );
        exit;
    }
3. Added a function that serves a 404 page to everyone who tries to access wp-login.php:
    add_action( 'init', 'force_404', 1 );
    function force_404() {
        $requested_uri = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '';

        // Debug output through a custom action hook (does nothing unless a listener is registered).
        do_action( 'debugger_var_dump', $requested_uri, '$requested_uri', 0, 0 );
        do_action( 'debugger_var_dump', strpos( $requested_uri, '/wp-login.php' ), 'FOUND?', 0, 0 );

        // Answer the stock login and registration URLs with the theme's 404 template.
        if ( strpos( $requested_uri, '/wp-login.php' ) !== false
          || strpos( $requested_uri, '/wp-register.php' ) !== false ) {
            do_action( 'debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0 );
            status_header( 404 );
            nocache_headers();
            get_template_part( '404' );
            die();
        }

        do_action( 'debugger_var_dump', 'END', 'END', 0, 0 );
    }
Everything was tested and works fine: wp-admin works only when the user is logged in; otherwise it redirects to wp-login by default, as normal WordPress does, and then, because of the force_404 function, it redirects to the 404 page.
I cleared all cache files.
Everything was OK until one person from the company logged in for the first time after the changes. Apparently the attacks are back now.
Did I do things right and it's connected with that person having some malware, or did I just do something wrong and it's a coincidence?
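Whether the renewed attempts are still bouncing off the old wp-login.php path or are now reaching the renamed page can be read directly from the web server's access log. The script below is an added example and not code from the post: it parses combined-format log lines, keeps only POST requests to a login endpoint (the stock /wp-login.php and the renamed file, for which `/newloginpageurl.php` is assumed as a placeholder name taken from the post's str_replace target), and flags every client IP that sends five or more such POSTs inside one minute, together with the paths and status codes it received. The log lines are constructed. A failed WordPress login is answered with 200 (the form is re-served with an error), a successful one with a 302 redirect, and requests blocked by force_404 with 404, so the status column tells the three cases apart.

```python
"""Flag bursts of login POSTs per client IP in (constructed) combined-format access logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format: ip ident user [timestamp] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Endpoints that accept credentials. "/newloginpageurl.php" is a placeholder
# standing in for the renamed login file; substitute the real name.
LOGIN_PATHS = ("/wp-login.php", "/newloginpageurl.php")


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def login_attempts(lines):
    """Keep only POSTs to a login endpoint; GETs just render the form and carry no credentials."""
    attempts = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] in LOGIN_PATHS:
            attempts.append(rec)
    return attempts


def flag_bursts(attempts, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {count, paths, statuses}} for IPs with >= threshold POSTs in any window."""
    by_ip = defaultdict(list)
    for a in attempts:
        by_ip[a["ip"]].append(a)

    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until it covers at most `window` of time.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = {
                    "count": len(recs),
                    "paths": sorted({r["path"] for r in recs}),
                    "statuses": sorted({r["status"] for r in recs}),
                }
                break
    return flagged


# Constructed sample log (TEST-NET addresses), not real traffic.
SAMPLE_LOG = [
    # Burst against the renamed page; every POST answered 200 = form re-served, login failed.
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /newloginpageurl.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /newloginpageurl.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "POST /newloginpageurl.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:08 +0000] "POST /newloginpageurl.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:10 +0000] "POST /newloginpageurl.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:12 +0000] "POST /newloginpageurl.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    # Burst against the old path; every POST bounced with 404 by force_404.
    '198.51.100.4 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 404 1203 "-" "python-requests/2.31"',
    '198.51.100.4 - - [10/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 404 1203 "-" "python-requests/2.31"',
    '198.51.100.4 - - [10/Mar/2024:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 404 1203 "-" "python-requests/2.31"',
    '198.51.100.4 - - [10/Mar/2024:10:01:06 +0000] "POST /wp-login.php HTTP/1.1" 404 1203 "-" "python-requests/2.31"',
    '198.51.100.4 - - [10/Mar/2024:10:01:08 +0000] "POST /wp-login.php HTTP/1.1" 404 1203 "-" "python-requests/2.31"',
    # One legitimate login (302 to wp-admin) followed by an ordinary page view.
    '192.0.2.10 - - [10/Mar/2024:10:02:00 +0000] "POST /newloginpageurl.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Mar/2024:10:02:01 +0000] "GET /wp-admin/ HTTP/1.1" 200 9321 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in flag_bursts(login_attempts(SAMPLE_LOG)).items():
        print(f"{ip}: {info['count']} login POSTs, paths={info['paths']}, statuses={info['statuses']}")
```

Run against the real log (`flag_bursts(login_attempts(open('/var/log/apache2/access.log')))`, path assumed) the report answers the question in the post directly: an IP whose flagged paths include the renamed file with status 200 is submitting credentials to the new page, so the new URL is known to it; an IP that only shows the old path with 404 is still blocked by force_404 and is merely generating log noise.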