All Questions
66
questions
0
votes
0
answers
37
views
Wordpress EC2 Security Practices
I started working for a client about 3 months ago. They have wordpress running on EC2 instance and no security/monitoring at all. We have about 8 users and 3 active. Recently 2 users reported some ...
1
vote
0
answers
1k
views
How to Change The WordPress Login URL Without Plugin
I'm looking for a way to change the wordpress admin login url from site.com/wp-login.php or sit.com/wp-admin.php to my custom login url like site.com/mylogin.
I want to this without using plugin or ...
0
votes
1
answer
49
views
Input sanitation
I have a question regarding a wordpress site I have recently developed for a client. I have only until now developed a site for small clients that just require personal websites, however this client ...
1
vote
1
answer
399
views
I want to disable login of admin (/wp-admin) with email and make it accessible only with username
I want to do it as a security precaution. I've already taken other actions. But I want to be able to login only with my admin username. Is there a way to do that or even a plugin?
0
votes
1
answer
125
views
How to Prevent Brute Force Attack on WordPress
my site went down for 1hr. and after then continuously. So I asked my hosting what the problem is with my website. they say I am in under brute force attack. told me to hire someone.
I Limit Login ...
1
vote
0
answers
112
views
Should I encrypt the response that triggers an Ajax action? Is nonce sufficient?
I am trying to write a custom user registration plugin. The plugin has 5 basic functionalities
Take form data and create a user using wp_insert_iser
Once a user is created, update user meta for ...
0
votes
0
answers
456
views
How to invalidate `password reset key` after being used
I am trying to write my own lost password plugin. It is working perfectly. But how can I invalidate the reset key after being used once. Currently I am able to set new password as many times as I wish ...
1
vote
0
answers
1k
views
disable site_url redirect in wp-login.php
I'm running a wordpress install on nginx, and I'm looking at novel ways of securing wp-admin. I know theres more than one way to do this (e.g. adding an http basic auth layer, login lockdown, 2FA, etc....
0
votes
1
answer
51
views
Does WordPress (or a plugin) reveal login credentials to admin?
I just tried to login to an old WordPress site of mine. I forgot that I already sold the website. I tried logging in, using my login credentials, but obviously I wasn't able to login. Now my question ...
0
votes
1
answer
108
views
Advice on redirect to lock site from unauthorized users
Looking for some advice on the below function. I have a web app type site built in WP. There is nothing on the site relevant to non-users, apart from the login form on the homepage. I've got some ...
0
votes
1
answer
67
views
https rewrite not working for All in one security Brute force > rename login url
I am trying to set 2 security measures that seems not to work together:
https on the site, using a server redirect + Module rewrite in htaccess :
<IfModule mod_rewrite.c>
RewriteEngine On
...
1
vote
0
answers
374
views
Good way to block users within a multisite setup without deleting them?
This is probably a common problem with multiple possibilities to solve. However I am asking for an easy solution as I guess I am not the first one to have this problem.
Assume we have a huge company ...
1
vote
1
answer
197
views
Admin username and password
I use ceber security plugin which protects my site again malicious attacks etc.
I checked today and there were over 20 lock outs. I checked ip addresses and there were no constituencies, they were ...
-1
votes
1
answer
180
views
How to resolve these findings from security audit
I am working on a corporate project and they are running security audit by consultants and they found the following issues regarding Wordpress. I managed to get a lot of issues resolved using headers ...
2
votes
1
answer
2k
views
Wordpress custom login form using Ajax
Description:
I would like to create a custom login form: username, password and remember field. This is the code I have:
Problem: /wp-admin/admin-ajax.php 503 ()
What I've tried:
PHP:
function ...