wordpress login wp-login.php change url

Few days ago I’ve noticed that someone is using brut force attack to try to log in into our WordPress page.

This is what I did:

1. changed the name of the wp-login.php file and changed all url in the file to new url

2. added a functions to change logout url and redirect to home page after logout

add_filter( 'logout_url', 'custom_logout_url' );


function custom_logout_url( $default ) { 
    return str_replace( 'wp-login', 'newloginpageurl', $default ); 
    }

add_action('wp_logout','auto_redirect_after_logout');

function auto_redirect_after_logout(){
  wp_safe_redirect( home_url() );
  exit;
}

3. added function to redirect everyone who is trying to access to wp-login.php to 404

add_action('init', 'force_404', 1 );

function force_404() {

$requested_uri = $_SERVER["REQUEST_URI"];
do_action('debugger_var_dump', $requested_uri, '$requested_uri', 0, 0);
do_action('debugger_var_dump', strpos( $requested_uri, '/wp-login.php'), 'FOUND?', 0, 0);

if (  strpos( $requested_uri, '/wp-login.php') !== false ) {

    do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
    // The redirect codebase
    status_header( 404 );
    nocache_headers();
    get_template_part( 404 ); 
    die();
}

if (  strpos( $requested_uri, '/wp-login.php') !== false || strpos( $requested_uri, '/wp-register.php') !== false ) {

    do_action('debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0);
    // The redirect codebase
    status_header( 404 );
    nocache_headers();
    get_template_part( 404 );
    die();
}

do_action('debugger_var_dump', 'END', 'END', 0, 0);

}

Everything was tested and works fine, wp-admin works only when user is login in other case it by default redirect to wp-login as normal WordPress and after because of function force_404 it’s redirecting to 404 page.

I cleared all cache files.

Everything was ok, until one person from the company logged in for the first time after the changes. Apparently to attacks are back now.

Did I do things right and it’s connected with that person having some malware or I just did something wrong and it’s coincident?

Related Posts:

  1. Which ways can be used to log in to WordPress?
  2. Redirect after Login on WordPress
  3. How to implement inline cm/inches conversion in WordPress
  4. Redirect old php link to wordpress link in .htaccess
  5. Redirect old php link to wordpress link in .htaccess
  6. How to change thumbnails for WordPress pages (KakaoTalk)
  7. Remove “Protected” text in title h1 of protected wordpress pages
  8. How to convert JPG to PNG on upload in WordPress (via add_image_size)?
  9. WordPress plugin install: Could not create directory
  10. What is the meaning of ‘OFFSET’ => 1 (WordPress)
  11. WordPress makes an auto-draft as soon as I enter the page
  12. Using WordPress on 000webhost.com
  13. Add CashU payment gateway to WordPress Woocommerce
  14. Display only one category on home page wordpress
  15. WordPress custom thumbnail size
  16. WordPress custom thumbnail size
  17. Php – Your PHP installation appears to be missing the MySQL extension which is required by WordPress
  18. Php – Your PHP installation appears to be missing the MySQL extension which is required by WordPress
  19. Advanced Custom Fields, Yoast SEO, not updating new values in WordPress
  20. WordPress sort WP ULike posts in custom query?
  21. Exclude Featured Posts in WordPress ‘Recent Posts’ Function
  22. WordPress: How to overlay text / widget div on top of a revolution slider
  23. Random Question Mark Icons In WordPress Text
  24. php, cookies, wordpress – how to make automatic login in one one site, login and on other one
  25. How can I removed Powered by WordPress link in wp.login.php without editing core WP files?
  26. Creating a custom rebrandly link using a wordpress shortcode
  27. WordPress Login Tracking Google Analytics
  28. WordPress thumbnail cropping not working
  29. WordPress – Check if user is logged in
  30. Flaticons not showing up on WordPress
  31. What does arg mean in WordPress
  32. WordPress PHP proxy/helper pages for Twitter API
  33. WordPress dFactory Cookie Notice Plugin
  34. Marathi typing option in wordpress Editor
  35. WordPress: Loading multiple scripts with enqueue
  36. WordPress: Loading multiple scripts with enqueue
  37. Display all post meta keys and meta values of the same post ID in wordpress
  38. How to use wp_enqueue_style() in my WordPress theme?
  39. How to add custom javascript to WordPress Admin?
  40. How can i Toogle between 2 icons without reloading page in wordpress
  41. About 404 during WordPress installation
  42. With “magic quotes” disabled, why does PHP/WordPress continue to auto-escape my POST data?
  43. WordPress Email Share button not opening in Outlook
  44. How to extend WordPress Bookly plugin
  45. “The Events Calendar” plugin by Modern Tribe in WordPress not working
  46. WordPress localhost not working
  47. WordPress Main Menu – Hide ‘Home’ link on homepage only
  48. validate textfield contents in wordpress simple job board plugin
  49. how to create a custom live search in WordPress from scratch
  50. wordpress Simple Job board plugin hide cv attachment form
  51. How can I access http://localhost/wordpress/wp-admin/install.php?
  52. How can I access http://localhost/wordpress/wp-admin/install.php?
  53. WP_Query(‘orderby=post_date’) not working with wordpress
  54. Dash icons Not Showing properly in Menu Using WordPress
  55. W3 Total Cache WordPress plugin disturbing my page layout
  56. No paged query var being set in WordPress custom pagination
  57. Scalable wordpress setup
  58. cannot change admin password, wordpress on godaddy
  59. WordPress Password Protected Page is not protected
  60. How do i give a WordPress editor access to the Site Kit by Google plugin?
  61. Permalinks in WordPress not working
  62. cannot change admin password, wordpress on godaddy
  63. cannot change admin password, wordpress on godaddy
  64. WordPress – Display Random Number Between 190-250
  65. WordPress broken app to try wpscan kali tool
  66. How to define custom capabilities in wordpress for custom plugin
  67. WordPress Order by date on custom post type archive page
  68. Divi Child Theme Breaks WordPress Customizer
  69. Get the WordPress attachment image url
  70. WordPress theme Flatsome 3.11: UX Builder not loading
  71. Prevent category updates in WordPress Woocommerce REST API
  72. After migration of WordPress website I can’t access the admin (white page)
  73. Cant login to wp-admin (redirecting to homepage), But CAN login to wp-login.php
  74. Cant login to wp-admin (redirecting to homepage), But CAN login to wp-login.php
  75. WordPress: Login for Users Without access to wp-admin
  76. WordPress (GoDaddy: Linux w/cPanel (Apache))_ My 2nd site is FUBAR__ subdomain multisite network installation
  77. I have shifted my wordpress site from one host to another, after shift the website wp-admin is not open
  78. WordPress- url for localhost wp-admin is not working
  79. Muffin Builder has a limit? (WordPress – Be Theme)
  80. How to use If, If Else and else in WordPress
  81. update post meta wordpress
  82. Enable “Post Formats” Just For a “Custom Post Type” And Not Others In WordPress
  83. Get Categories of events in WordPress Events Calendar Pro Plugin
  84. How can I add a PHP page to WordPress?
  85. How can I add a PHP page to WordPress?
  86. Embed podcast feed in wordpress
  87. Why can’t import backup site WordPress? Plugin All-in-one migration
  88. Problem getting data with WooCommerce/WordPress
  89. Problem getting data with WooCommerce/WordPress
  90. wordpress add_query_arg how to add multiple queries to URL
  91. How to correctly use get_template_directory_uri() WordPress function to load an image that is in a subfolder of my theme?
  92. Display all post meta keys and meta values of the same post ID in wordpress
  93. Custom Coupon type woocommerce wordpress
  94. WordPress home page is blank but every other page is working fine
  95. Error establishing a database connection in my localhost
  96. why are two paragraphs being added on wordpress custom excerpt function used?
  97. Correct way of using wp_get_attachment_image() in wordpress
  98. How to cache/speed WordPress queries for logged in users?
  99. Page Redirection in WordPress
  100. How to easily add cropped screenshot to self-hosted WordPress as hosted image?

Leave a Comment