Downgraded the WP-Login threat and changed it to an opt-in fix

In my ongoing attempts to improve the security of WordPress and to clarify the brute-force threat, I have isolated the code for my login patch into an include file and added some notes to explain why the wp-login.php file comes up as a vulnerability.

I have also downgraded the severity of this threat and changed it to an "opt-in" fix instead of being marked in red and default checked for automatic repair. This is partly because I have perceived an ebbing of the brute-force attacks on WordPress sites that spiked a couple of months ago, but also because a moderator on suggested that I should not be modifying WordPress core files.

I will also be taking the "Dave" and other references from the movie 2001: A Space Odyssey out of the login patch because some people (not named Dave) didn't see the humor in it and I don't want to upset anyone.

Comments and suggestions are always welcome.


Tags: , ,

11 Comments on "Downgraded the WP-Login threat and changed it to an opt-in fix"

  • Dave Reasons
    On May 4, 2016 at 10:07 am, Dave Reasons said:

    Since my name is Dave and my Nest Thermostat is named HAL I found the popup messages hilarious. Personally, I hate to see them go. How make that an option in the future to keep the comments from the movie.

    • Anti-Malware Admin
      On May 4, 2016 at 11:10 am, Anti-Malware Admin said:

      Thank you for your positive feedback about this nostalgic message. I myself was surprised to have received a few negative comments about the wording of this message but apparently it was disheartening and inappropriate for those that did not understand the movie reference :-(

      I won’t be bringing this old message back, but it’s nice to know that there is someone out there that understands and appreciates my sense of humor ;-)

  • John
    On June 9, 2014 at 7:27 am, John said:

    Hello there, thank you very much for this great plugin! Great and extremely useful!
    May I ask how the “WP-Login Vulnerability” patch works?
    I just wonder if it is OK to apply it when:
    a/ I use a widget for my clients to login
    b/ I have changed the login slug to something different with iThemes Security plugin

    One of my sites is under constant login attempts and the only way I found was to use iTheme’s Security plugin option to hide the login area and was wondering whether I can also apply your patch at the same time.

    Thank you!

    • Anti-Malware Admin
      On June 9, 2014 at 12:25 pm, Anti-Malware Admin said:

      Depending on how your login widget work it is possible that my brute-force patch might keep your users from loging in from the widget. I really not sure sure how it will be affected by your other security plugin though. I would suggest just trying it out and testing it from another computer that is not already logged in (be sure to refresh the page before attempting a login). If it does not work you can easily revert the change by going to the Quarantine and restoring the wp-login.php file from there, or by copying back the wp-login.php file from the original WP Core install.

      Please let me know how it works out for you.

  • Jason
    On May 15, 2014 at 11:58 am, Jason said:

    Hello Eli,
    I heard about your plugin from Michael Stelzner of Social Media Examiner, and while I do not believe my sites are under or have been under attack, I am installing your plugin on the multiple sites I manage for myself and my clients. I just want you to know you are appreciated for all that you do!

  • Bjorn van der Neut
    On March 7, 2014 at 3:04 am, Bjorn van der Neut said:

    what can I do to prevent attacks on my login page?

    • Anti-Malware Admin
      On March 7, 2014 at 10:39 am, Anti-Malware Admin said:

      You cannot prevent an attack on your site, you can only prepare your site to handle the attack. If this is a Brute-Force attack on your wp-login.php page then you should apply the security patch supplied by my plugin. Just run the Quick Scan, then check the box by the wp-login.php file under “WP-Login Vulnerability” and click “Automatically Fix SELECTED Files Now”. This will not stop the attack but it will prevent the attack from effecting the performance of your site and stop the attacker from gaining access to your WP Admin.

  • Greg Hamlyn
    On August 13, 2013 at 5:25 pm, Greg Hamlyn said:

    Hi Eli
    Not sure where to leave a post for this question – I have a number of websites that have been hacked and seem to effect the admin and IE – HACKED BY HACKROOT Turkhackarmy – this is in IE looks normal in FireFox etc.

    Can your plugin help restore the websites
    If so I will be very happy to donate to fix the issue



    • Anti-Malware Admin
      On August 13, 2013 at 6:43 pm, Anti-Malware Admin said:

      I have not seen this one on a WordPress site before but if you can provide me with access to your WP Admin then I will find it for you and add it to my definition update so that it can be automatically removed.

      You can email your admin password directly to me: eli AT gotmls DOT net

  • Anti-Malware Admin
    On September 1, 2013 at 10:30 am, Anti-Malware Admin said:

    Good to hear from you, Thanks!


Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>