14 Comments on "Downgraded the WP-Login threat and changed it to an opt-in fix"

• 
  On May 31, 2021 at 6:22 am, Patrick Craig said:

  I have the anti-malware plugin installed on several WordPress websites that run on IIS on a Windows 2008R2 server. The Brute-force protection plugin installed on all the single sites, but not on the multi-sites. What should I look for to correct this. I would like the protection for all my sites. By the way, what a great plug-in.

  Reply
  • 
    On June 2, 2021 at 2:53 am, Anti-Malware Admin said:

    Your Network Admin pages are secured using the same login page as your main/primary site, so if you have the Brute-Force protection installed on that site then your multi-site login is protected.

    Reply
• 
  On March 20, 2017 at 1:34 am, ANIL said:

  Hi,

  Thanks, for sharing some tips for WP-Login threat and changed.

  Reply
• 
  On May 4, 2016 at 10:07 am, Dave Reasons said:

  Since my name is Dave and my Nest Thermostat is named HAL I found the popup messages hilarious. Personally, I hate to see them go. How make that an option in the future to keep the comments from the movie.

  Reply
  • 
    On May 4, 2016 at 11:10 am, Anti-Malware Admin said:

    Thank you for your positive feedback about this nostalgic message. I myself was surprised to have received a few negative comments about the wording of this message but apparently it was disheartening and inappropriate for those that did not understand the movie reference

    I won't be bringing this old message back, but it's nice to know that there is someone out there that understands and appreciates my sense of humor

    Reply
• 
  On June 9, 2014 at 7:27 am, John said:

  Hello there, thank you very much for this great plugin! Great and extremely useful!
  May I ask how the “WP-Login Vulnerability" patch works?
  I just wonder if it is OK to apply it when:
  a/ I use a widget for my clients to login
  b/ I have changed the login slug to something different with iThemes Security plugin

  One of my sites is under constant login attempts and the only way I found was to use iTheme's Security plugin option to hide the login area and was wondering whether I can also apply your patch at the same time.

  Thank you!

  Reply
  • 
    On June 9, 2014 at 12:25 pm, Anti-Malware Admin said:

    Depending on how your login widget work it is possible that my brute-force patch might keep your users from loging in from the widget. I really not sure sure how it will be affected by your other security plugin though. I would suggest just trying it out and testing it from another computer that is not already logged in (be sure to refresh the page before attempting a login). If it does not work you can easily revert the change by going to the Quarantine and restoring the wp-login.php file from there, or by copying back the wp-login.php file from the original WP Core install.

    Please let me know how it works out for you.

    Reply
• 
  On May 15, 2014 at 11:58 am, Jason said:

  Hello Eli,
  I heard about your plugin from Michael Stelzner of Social Media Examiner, and while I do not believe my sites are under or have been under attack, I am installing your plugin on the multiple sites I manage for myself and my clients. I just want you to know you are appreciated for all that you do!

  Reply
  • 
    On May 15, 2014 at 2:34 pm, Anti-Malware Admin said:

    Thanks

    Reply
• 
  On March 7, 2014 at 3:04 am, Bjorn van der Neut said:

  what can I do to prevent attacks on my login page?

  Reply
  • 
    On March 7, 2014 at 10:39 am, Anti-Malware Admin said:

    You cannot prevent an attack on your site, you can only prepare your site to handle the attack. If this is a Brute-Force attack on your wp-login.php page then you should apply the security patch supplied by my plugin. Just run the Quick Scan, then check the box by the wp-login.php file under "WP-Login Vulnerability" and click "Automatically Fix SELECTED Files Now". This will not stop the attack but it will prevent the attack from effecting the performance of your site and stop the attacker from gaining access to your WP Admin.

    Reply
• 
  On August 13, 2013 at 5:25 pm, Greg Hamlyn said:

  Hi Eli
  Not sure where to leave a post for this question – I have a number of websites that have been hacked and seem to effect the admin and IE – HACKED BY HACKROOT Turkhackarmy – this is in IE looks normal in FireFox etc.

  Can your plugin help restore the websites
  If so I will be very happy to donate to fix the issue

  thanks

  Greg

  Reply
  • 
    On August 13, 2013 at 6:43 pm, Anti-Malware Admin said:

    I have not seen this one on a WordPress site before but if you can provide me with access to your WP Admin then I will find it for you and add it to my definition update so that it can be automatically removed.

    You can email your admin password directly to me: eli AT gotmls DOT net

    Reply
• 
  On September 1, 2013 at 10:30 am, Anti-Malware Admin said:

  Good to hear from you, Thanks!

  Reply

• 

• Related Posts

  • brute-force
    • Just what do you think you are doing, Dave?
  • WordPress
    • A WordPress plugin is born
    • Now available in the WordPress Repository
    • File Viewer and Fix Button Improvements
    • Happy Birthday to GOTMLS Anti-Malware

• Testimonials

  • The cost of the donation is well worth the product. People must remember, if people like Eli Scheets were not here, we would be paying far more for a product that expires frequently and costs many times more than your donation.
    
    
    Thanks Much Eli.
    
    
    James
    -- James
    
    
  • Malware (monit.php) has been fixed using your plugin. I really appreciate this plugin.
    -- Harris
    
    
  • Thanks for your support.
    -- AD Bhatti