𝗥𝗲𝗻𝗮𝗺𝗶𝗻𝗴 𝗪𝗽 𝗟𝗼𝗴𝗶𝗻 𝗜𝘀 𝗡𝗼𝘁 𝗘𝗻𝗼𝘂𝗴𝗵

📅6 days ago⏱1 min read

𝗥𝗲𝗻𝗮𝗺𝗶𝗻𝗴 𝗪𝗽-𝗟𝗼𝗴𝗶𝗻 𝗜𝘀 𝗡𝗼𝘁 𝗘𝗻𝗼𝘂𝗴𝗵

You want to hide your WordPress admin. Many people suggest renaming the login URL. This solves one small problem.

Rename plugins let WordPress load before they show a 404 error. This wastes your server CPU. Block the path at the server level. This stops the request before PHP runs.

Bots do not stop when they miss the login page. They look for other clues. They read your HTML source.

They see:

Plugin folders
Theme paths
Version numbers

These clues tell bots you use WordPress. They match your versions to known bugs.

WordPress also shares clues in the REST API. It often lists your usernames.

Check your site with these tests:

Look for generator tags in the source.
See if the login path boots PHP.
Check for username leaks in the REST API.

Moving the login page is a start. It is not a full security plan.

Source: https://dev.to/cifi/renaming-wp-login-isnt-the-same-as-making-wp-admin-disappear-2gg8

𝗥𝗲𝗻𝗮𝗺𝗶𝗻𝗴 𝗪𝗽 𝗟𝗼𝗴𝗶𝗻 𝗜𝘀 𝗡𝗼𝘁 𝗘𝗻𝗼𝘂𝗴𝗵

Continue reading

𝗪𝗼𝗿𝗱𝗣𝗿𝗲𝘀𝘀 𝘁𝗼 𝗛𝗲𝗮𝗱𝗹𝗲𝘀𝘀: 𝗥𝗲𝗮𝗹 𝗘𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴 𝗗𝗲𝗰𝗶𝘀𝗶𝗼𝗻𝘀

𝗦𝘁𝗼𝗽 𝗖𝗦𝗥𝗙 𝗔𝘁𝘁𝗮𝗰𝗸𝘀 𝗜𝗻 𝗬𝗼𝘂𝗿 𝗣𝗛𝗣 𝗔𝗱𝗺𝗶𝗻 𝗣𝗮𝗻𝗲𝗹

𝗥𝗲𝗻𝗮𝗺𝗶𝗻𝗴 𝗪𝗣 𝗟𝗼𝗴𝗶𝗻 𝗜𝘀 𝗡𝗼𝘁 𝗘𝗻𝗼𝘂𝗴𝗵

𝗛𝗼𝘄 𝘁𝗼 𝗕𝘂𝗶𝗹𝗱 𝗮 𝗪𝗼𝗿𝗱𝗣𝗿𝗲𝘀𝘀 𝗔𝗜 𝗣𝗹𝘂𝗴𝗶𝗻

𝗪𝗼𝗿𝗱𝗣𝗿𝗲𝘀𝘀 𝗖𝗵𝗮𝗻𝗴𝗲𝘀 𝗛𝗼𝘄 𝗜𝘁 𝗧𝗿𝘂𝘀𝘁𝘀 𝗖𝗼𝗱𝗲