Wordpress login page 404 error - any help?

11 replies
Hi
I have just discovered that all my wordpress sites have the same fault: The login page does not resolve.
Instead if I type in site.com/wp-admin
or site.com/wp-login I get a 404 error page.
If I type in site.com/wp-login.php I get 'The page isn't redirecting properly'

I have tried searching G for a solution but none found.
So, any wordpress experts here that can shed some light on this problem

Many thanks in advance

Mark
#404 #error #login #page #wordpress
  • Profile picture of the author Danny Shaw
    Have you recently installed any new plugins or themes, or updated anything? If so try deleting these files one by one from your host.
    Signature
    **5 DAY FREE TRIAL** - The ultimate social media bot (FB, Instagram, Pinterest & G+).........
    Grab it >> HERE
    {{ DiscussionBoard.errors[10309045].message }}
    • Profile picture of the author keepitsimple
      Hi Danny
      Nothing new has been added. And it's the same problem on about 8 sites.
      I tried disabling all plugins from within Cpanel by renaming the plugin folder, but no luck.

      Thanks for your input though
      {{ DiscussionBoard.errors[10309081].message }}
      • Profile picture of the author webmarketer
        Not an expert.

        Try to check your .htaccess if chars are added (renaming the .htaccess) or

        try to delete your wp-login.php and upload a new file of the same. Do not overwrite the old file but delete it first.
        {{ DiscussionBoard.errors[10309093].message }}
  • Profile picture of the author Jason Kanigan
    Call your hosting company.

    A 20-minute call beats hours of aggravation trying to figure this out yourself.

    You may find someone has uploaded a nasty file to not just your sites, but to many Wordpress sites hosted by this company.
    {{ DiscussionBoard.errors[10309101].message }}
    • Profile picture of the author keepitsimple
      Webmarketer:
      I don't have a htaccess file. I did try deleting the wp-login.php and uploading a new one, but no change.
      Thanks for your input

      Jason Kanigan:
      I think I'd best call my host as I've already spent 3 hours trying to sort it out. As you say, it may be a host wide thing.
      Many thanks
      {{ DiscussionBoard.errors[10309178].message }}
      • Profile picture of the author keepitsimple
        Well this is amazing. This is the reply I got from my host:

        Hello,

        The issue you're currently experiencing with Wordpress is due to the Global Wordpress attack that has been on-going since the beginning of 2014.

        A botnet of over 90,000 machines, is attempting to globally brute force and hack into wp-login.php which is the file that Wordpress users use to login to Wordpress.

        The attack is sending thousands of requests at one time to attempt to login to your Wordpress installation via wp-login.php in an attempt to gain access to make it part of the growing botnet.

        We've enabled a server wide ACL that blocks all access to wp-login.php unless the IP is whitelisted.

        I've added the IP "my ip" that was attached to this ticket. You should now have access to the Wordpress login page.

        Additional recommendations:
        -Changing your default admin username for wp-admin to a different username as the attack is specifically targeting the admin username.

        -Placing a browser-based password on wp-login.php

        The link immediately below will explain how to do this:
        Brute Force Attacks « WordPress Codex

        Additional information about the attack can be found here:
        Brute-force attack targeting sites running WordPress | Skunkworks Creative Group
        WordPress wp-login.php brute force attack - InMotion Hosting

        Thank you.
        {{ DiscussionBoard.errors[10309553].message }}
        • Profile picture of the author rhinocl
          If these are membership sites you still have an issue as no one can log in except for people from whitelisted ips.

          I would suggest moving to a different host. (If they did this and didn't inform you they are losers!)
          Then talk to your new host and see if they have been having the same issue. You can use a different url for logins via the itheme security plugin but you will need to give that address to all your members as well as change the login link address on your site. If using a php code for login/out you would have to test.
          {{ DiscussionBoard.errors[10310156].message }}
          • Profile picture of the author webmarketer
            They also try to use your domain name or half of the domain name as login username-- apart from 'admin'.

            Better upload a security plugin or two. I have mine set at only a maximum of 2 attempts to log in in a day then they get screened out for 20 days. This after I had a couple of sites under brute force attack 2 weeks ago.


            Originally Posted by keepitsimple View Post

            Well this is amazing. This is the reply I got from my host:

            Hello,

            The issue you're currently experiencing with Wordpress is due to the Global Wordpress attack that has been on-going since the beginning of 2014.

            A botnet of over 90,000 machines, is attempting to globally brute force and hack into wp-login.php which is the file that Wordpress users use to login to Wordpress.

            The attack is sending thousands of requests at one time to attempt to login to your Wordpress installation via wp-login.php in an attempt to gain access to make it part of the growing botnet.

            We've enabled a server wide ACL that blocks all access to wp-login.php unless the IP is whitelisted.

            I've added the IP "my ip" that was attached to this ticket. You should now have access to the Wordpress login page.

            Additional recommendations:
            -Changing your default admin username for wp-admin to a different username as the attack is specifically targeting the admin username.

            -Placing a browser-based password on wp-login.php

            The link immediately below will explain how to do this:
            Brute Force Attacks « WordPress Codex

            Additional information about the attack can be found here:
            Brute-force attack targeting sites running WordPress | Skunkworks Creative Group
            WordPress wp-login.php brute force attack - InMotion Hosting

            Thank you.
            {{ DiscussionBoard.errors[10310205].message }}
            • Profile picture of the author keepitsimple
              rhinocl:
              One is due to be a membership site, so that will be a problem. I'll talk to my host and see what they can do, otherwise a move may be needed.
              Many thanks

              webmarketer:
              My usernames are mostly very different from the domain, but I'll change the ones that are similar.
              I have a login limit plugin installed, but apparently those plugins are not safe with this type of attack, hence why the host initiated a server wide protection system
              Thanks for your help
              {{ DiscussionBoard.errors[10310273].message }}
              • Profile picture of the author webmarketer
                @keepitsimple -- Thanks for the heads up. Fortunately, despite all the attacks, none has snuck in and gone over the 2 security plugins. Additionally, there are others that I use so I feel a bit confident. Just a bit.
                {{ DiscussionBoard.errors[10310394].message }}
  • Profile picture of the author aman072
    i also experienced same problem but i contacted my hosting provider support team . with in a few minutes they solved the issue .
    {{ DiscussionBoard.errors[10508836].message }}

Trending Topics