
A few days ago I noticed that someone is using a brute force attack to try to log in to our WordPress page.

This is what I did:

1. changed the name of the wp-login.php file and changed all URLs in the file to the new URL

2. added functions to change the logout URL and redirect to the home page after logout

// Point the logout link at the renamed login file instead of wp-login.php.
add_filter( 'logout_url', 'custom_logout_url' );

function custom_logout_url( $default ) {
    return str_replace( 'wp-login', 'newloginpageurl', $default );
}

// After a successful logout, send the user to the home page rather than
// back to the login screen.
add_action( 'wp_logout', 'auto_redirect_after_logout' );

function auto_redirect_after_logout() {
    wp_safe_redirect( home_url() );
    exit;
}

3. added a function to redirect everyone who tries to access wp-login.php to a 404

// Run early on every request and answer with the theme's 404 page whenever
// the original login or registration file is requested.
add_action( 'init', 'force_404', 1 );

function force_404() {
    $requested_uri = $_SERVER['REQUEST_URI'];

    // Debug output (debugger_var_dump is a hook from a debugging plugin).
    do_action( 'debugger_var_dump', $requested_uri, '$requested_uri', 0, 0 );
    do_action( 'debugger_var_dump', strpos( $requested_uri, '/wp-login.php' ), 'FOUND?', 0, 0 );

    // One check covers both files; the original had the wp-login.php test twice.
    if ( strpos( $requested_uri, '/wp-login.php' ) !== false
        || strpos( $requested_uri, '/wp-register.php' ) !== false ) {

        do_action( 'debugger_var_dump', 'REDIRECT', 'REDIRECT', 0, 0 );

        // Serve a real 404 response (status, no-cache headers, theme template)
        // and stop WordPress from rendering the login form.
        status_header( 404 );
        nocache_headers();
        get_template_part( 404 );
        die();
    }

    do_action( 'debugger_var_dump', 'END', 'END', 0, 0 );
}

Everything was tested and works fine: wp-admin works only when the user is logged in; otherwise it redirects by default to wp-login as normal WordPress does, and then, because of the force_404 function, it redirects to the 404 page.

I cleared all cache files.

Everything was OK until one person from the company logged in for the first time after the changes. Apparently the attacks are back now.

Did I do things right and is it connected with that person having some malware, or did I just do something wrong and it's a coincidence?

Patryk

1 Answer


The problem with manually renaming wp-login.php is that you need to repeat it after every WordPress update.

Some other options would be:

  1. Using a security plugin, e.g. Wordfence or WP Cerber Security.
  2. Put Basic Auth on the wp-login file: HTTP Basic Auth Exclude Single File
  3. Restrict login to a list of defined IP addresses.
Zoli Szabó
    I'm aware that an update will change the file. 1. I don't want to use a plugin as they slow down the website. 2. HTTP auth is a solution, but I'd rather avoid it as some people in my company may find it problematic. 3. Restricting IPs can also be problematic. My goal is to secure wp-login without causing too much trouble to simple users – Patryk Dec 08 '20 at 11:41
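The answer's third option (restricting login to a defined list of IP addresses) can be done without a third-party plugin, which addresses the concern raised in the comment above. The following is an added example, not code from the question or the answer: a must-use plugin that checks the client address against a CIDR allowlist on the `login_init` hook and otherwise serves the same 404 the question's force_404 function does. The allowlist values, the `WPSE_` prefixed names and the assumption of a 64-bit PHP build (so that IPv4 addresses and masks fit in an integer) are mine; IPv6 is not handled.

```php
<?php
/**
 * Plugin Name: Login IP allowlist (added example, not the question's code)
 *
 * Save as wp-content/mu-plugins/login-ip-allowlist.php. Files in mu-plugins
 * load automatically and are not touched by WordPress core updates, which is
 * the maintenance problem the answer raises about renaming wp-login.php.
 */

// Constructed allowlist of CIDR blocks or single IPv4 addresses (placeholders;
// replace with your own office/VPN networks).
const WPSE_LOGIN_ALLOWLIST = array( '203.0.113.0/24', '198.51.100.7' );

/**
 * Return true when $ip (dotted IPv4) lies inside one of the allowed blocks.
 * Anything unparseable, in $ip or in the list, counts as not allowed, so a
 * typo in the list fails closed rather than open. Assumes 64-bit PHP.
 */
function wpse_login_ip_allowed( $ip, array $allowlist ) {
    $ip_long = ip2long( $ip );
    if ( false === $ip_long ) {
        return false;
    }
    foreach ( $allowlist as $entry ) {
        $parts = explode( '/', $entry, 2 );
        $net   = ip2long( $parts[0] );
        $bits  = isset( $parts[1] ) ? (int) $parts[1] : 32;
        if ( false === $net || $bits < 0 || $bits > 32 ) {
            continue; // malformed entry: ignore it
        }
        // Network mask with the top $bits bits set, e.g. /24 -> 0xFFFFFF00.
        $mask = ( 0 === $bits ) ? 0 : ( ( -1 << ( 32 - $bits ) ) & 0xFFFFFFFF );
        if ( ( $ip_long & $mask ) === ( $net & $mask ) ) {
            return true;
        }
    }
    return false;
}

// login_init fires at the top of wp-login.php on every request, before the
// form is rendered or a password is checked, so both GET and POST are covered.
// wp-admin's redirect for logged-out visitors also ends up here.
add_action( 'login_init', 'wpse_restrict_login_by_ip' );

function wpse_restrict_login_by_ip() {
    // REMOTE_ADDR is set by the web server, not by the client. Only read a
    // forwarded header instead if a proxy you control sets it.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';

    if ( wpse_login_ip_allowed( $ip, WPSE_LOGIN_ALLOWLIST ) ) {
        return; // allowed network: let wp-login.php continue normally
    }

    // Same 404 treatment the question's force_404 uses for outsiders.
    status_header( 404 );
    nocache_headers();
    get_template_part( 404 );
    exit;
}
```

With the constructed list above, `wpse_login_ip_allowed( '203.0.113.42', WPSE_LOGIN_ALLOWLIST )` returns true and `wpse_login_ip_allowed( '192.0.2.1', WPSE_LOGIN_ALLOWLIST )` returns false. Users on a dynamic home address still need to be added (or connect through the office VPN), which is the usability cost the comment points out; failed attempts from anywhere else never reach the password check.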