Replies: 0
As a user of All In One WP Security & Firewall plugin, I have
renamed the login page,
changed user display names so to be different from login names
disabled Users Enumeration
So far I didn’t had failed login records shown because of the renamed login page although I had a lot of 404 events because of many “nice” guys trying to hack from hundreds of IPs. All IPs were from Wuppertal Germany, except 1 from Russia and 1 from USA.
Five days ago I started having failed login records so I assume that somebody detected the renamed login page. What worries me more is that they try to login with existing usernames having admin rights.
So I renamed again the login page, created new users, and deleted the old users. A few hours later, a new IP from Russia started showing failed a few login records with some of the new user names. A lot of failed login records with the deleted user names continue to appear from USA.
Can anybody enlighten me on how login page and user names are detected?
Is there anything else I can do to prevent this from happening?
Thank you!