Skip to content

Additional ..

Well this is a blast, my poorly website is being hammered with brute force attacks, coming in mainly from the XML-RPC facility on WordPress.

  • I know this because ‘Limit Login Attempts’ is logging them.

Limit Login Attempts Reloaded


Limit the rate of login attempts, including by way of cookies and for each IP address.

Version 2.10.0 | By WPChef | View details

Fifteen in the last 10 hours on 17/12/2018, with all of them being logged out after 2 failed attempts, but strangely enough: several of the blocked IPs are having another go an hour later.

{ Huff! }

  • But being as ‘Xng1px’ is my weird WordPress created username: then I feel quite confident that they’ll never even get it, to then begin the nasty hacking process.

I’ve tried: (unsuccessfully), to install a plug-in that hides my log in /wp-login.php file; with all sorts of problems with me trying to log back in. It is the way to go, but it’s not that easy to implement.

Update:- 23-08-2020. The venerable plugin that I was vainly attempting to use back then was called, WPS Hide Login, and several others were reporting the same issues that I had. Now, that’s not to say it’s a bad plugin, its just fiddly for the novice, especially if your .Htaccesss file is incorrectly set up.

Hummmm! – The one I’m currently trying out is called Webcraftic, and touch wood: I can still log into my site, but the wp-login.php file has been renamed. So that should kill off the shitty-web-bot cruisers, cruising the lanes for an open hole to play inside.

Webcraftic Hide login page

Settings | Deactivate

Hide wp-login.php login page and close wp-admin access to avoid hacker attacks and brute force.

Version 1.1.1 | By Webcraftic | View details


From the log that Limit Log in creates, .. I can see that well over 50% of the traffic was coming in on the XML-RPC channel, (that I don’t use), so in one foul stroke I’ve eliminated them by installing a rather neat plugin called, ..

Manage XML-RPC


Enable/Disable XML-RPC for IP specific control and disable XML-RPC Pingback method.

Version 1.0 | By brainvireinfo | View details

It happily turns off * ALL * of the XML-RPC traffic, including ping-backs (but only if you want that sharing feature disabled.)

I feel quite confident that I’m finally beating the spammy fuckers ..

Thanks for reading, Jessica: Praise be the ORI.


Published inReviews

One Comment

  1. MJS MJS


    I’ve cured my spam issues literally overnight by installing ‘wpDiscuz’, and also kicked the living shit out of the [Brute Force Logins] with ‘Manage XML-RPC’.

    All in all, .. I’m well impressed.

    Thanks for reading, Jessica: Praise be the ORI.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This is a local popup, .. it’s been placed here to advertise the fact that you can have your own **free** local WordPress environment, and at the click of a button.

I’m putting my own reputation on the line to push this local program, and what I can say on the subject: is quite frankly it’s brilliant. The program itself will provide you with a very simple WP environment to go local: simple but powerful.

Setting it up and running it is a breeze, but like everything else software wise out there, you do need to read the docs: just a little bit to get it running.

Did I mention that it’s free!

Download and install it here.

Try it, you won’t be disappointed.