Can't Login To Wordpress Cuz of DDoS attacks? Here's one quick fix ..

by kevinlairre 16 replies
Hi all,

I am sure most of you who have Wordpress sites have heard of the recent DDoS attacks to Wordpress sites worldwide.

Due to such attacks, a lot of people might even have trouble logging in. I know I had trouble because my hosting service had blocked anyone from logging in to WordPress - even the genuine user(s)!

So I came up with a temporary 'quick fix'. It will not solve all your security issues as such, but it would certainly help you temporarily bypass the blocked login page and log in immediately to your WordPress site!

Here's the quickfix:

1) Go to the directory where WordPress is installed and download the wp-login.php file to your computer.

2) Rename the file to wp-confusingname.php, or choose any confusing name ending in .php (so that no random person finds your login page unnecessarily). In this example let's say we name it 'wp-confusingname.php'.

3) Open the file with Notepad or WordPad and use the find-and-replace option to find the keyword 'wp-login.php' and replace it with 'wp-confusingname.php' (or whatever confusing name you chose).

4) After replacing all instances of wp-login.php in the file as above, save the file and upload it (via FTP) back to the main WordPress directory.

5) To log in, simply go to the address of this new PHP file that you uploaded and enter your username and password.

When you wish to logout:

(You can make changes to the other PHP files that run the admin dashboard, but since this is a temporary solution, you can use the method below.)

Instead of the usual way of going and clicking logout, you could right-click and copy the logout link address and paste it into the browser's address bar. After pasting, replace the instance of 'wp-login.php' with 'wp-confusingname.php' (or whatever confusing name you chose) and hit the enter key to log out.

When your hosting provider resumes access to let you log in normally, simply delete this new PHP file that you created and resume the previous way you used to log in.
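The steps above carried out as a small script instead of by hand, as an added example (not the OP's code and not part of WordPress). The wp-login.php snippet it runs on is a constructed stand-in for the real file, and the function names are the example's own.

```python
import re
from pathlib import Path

# Constructed stand-in for the lines in the real wp-login.php that refer to the
# file by its own name; these are what step 3's find-and-replace has to catch.
# The real file is much longer but is handled exactly the same way.
SAMPLE_WP_LOGIN = """<?php
$redirect_to = site_url( 'wp-login.php?action=logout' );
$login_url = 'wp-login.php';
// wp-login.php appears in several more places in the real file
"""

NAME_RE = re.compile(r"wp-[A-Za-z0-9_-]+\.php")  # plain basename only


def make_renamed_copy(src_text, new_name):
    """Step 3: return (new_text, replacements) with every 'wp-login.php'
    swapped for new_name. Only a plain basename is accepted, so the copy can
    only land in the WordPress directory (step 4), never anywhere else."""
    if not NAME_RE.fullmatch(new_name) or new_name == "wp-login.php":
        raise ValueError("use a plain name such as wp-confusingname.php")
    new_text, count = re.subn(r"wp-login\.php", new_name, src_text)
    return new_text, count


def write_renamed_copy(wp_dir, new_name):
    """Steps 1-4 against a real install directory: read wp-login.php, write
    the renamed copy next to it (never overwriting) and return the number of
    replacements. The original wp-login.php stays in place; delete the copy
    again once the host lifts the block, as the last step says."""
    wp_dir = Path(wp_dir)
    text, count = make_renamed_copy((wp_dir / "wp-login.php").read_text(), new_name)
    dst = wp_dir / new_name
    if dst.exists():
        raise FileExistsError(f"{dst} already exists; refusing to overwrite")
    dst.write_text(text)
    return count


def logout_url(original_logout_link, new_name):
    """The logout workaround: rewrite the copied logout link to point at the
    renamed file so the action and nonce in the query string are kept."""
    return original_logout_link.replace("wp-login.php", new_name)
```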
  • Patrick wrote:
    playing around with core files is in itself a big "security risk"...
    • kevinlairre wrote:
      You don't have to delete the original 'wp-login.php'. This was simply to bypass a login page blocked by your hosting provider. By no means does it claim to secure anything.

      And I disagree that the new file would be a 'security risk' or creates a security hole, but that's just my opinion. If you think I'm wrong, please feel free to correct me.
  • RobinInTexas wrote:
    Messing around with the core files is a bad idea.

    Best to install a plugin like Wordfence or Bulletproof security and be done with it.
  • Patrick wrote:
    There is already a Codex for security in Wordpress but no one bothers to read it....

    Hardening WordPress « WordPress Codex
  • kevinlairre wrote:
    ^ But you need to be able to log in first to install the plug-in. The problem I faced (and maybe others might be facing - depends on their hosting provider) is the inability to log in to WordPress to make any changes whatsoever. So I wrote this to address that particular problem, and it is a temporary fix.

    I do however agree that you should not do anything stupid with the core files, otherwise it could cause problems (thus always create a backup!), and please be careful in that aspect too.
  • SteveJohnson wrote:
    Some hosting companies went a little overboard and blocked access to wp-login.php addresses. It may have been warranted, they were getting hammered hard.

    What the OP describes will work. It is a temporary fix, and not a 'security problem' in the least. Only the person knowing the new name of the file will be able to access it.

    The only 'security' plugins that will have any effectiveness at all in this kind of attack are the ones that use .htaccess file to block repeated login attempts. However, with the number of computers that were used (I've seen estimates of 90,000 or more), your site will still go down just from the overhead of processing the high number of login attempts.

    This wasn't (isn't) a 'DDoS' attack in the true sense of the term. That was the end result, but it wasn't the objective. The objective was to gain access to the server via WP backend.

    Following the suggestions in the WP Codex for hardening your site would have prevented access, but would have done nothing to keep your site/server from going down under the sheer load of the brute-force attack.
    • Patrick wrote:
      Originally Posted by SteveJohnson:

      Some hosting companies went a little overboard and blocked access to wp-login.php addresses. It may have been warranted, they were getting hammered hard.

      What the OP describes will work. It is a temporary fix, and not a 'security problem' in the least. Only the person knowing the new name of the file will be able to access it.
      Ok... First of all, it was dumb of the hosting companies to block access to that file. There are millions of sites on WP. If your hosting has blocked that file, I would recommend you change your hosting, coz that is a really dumb move (don't get why people are calling it a smart move).

      Secondly, I still stand by the line that messing with core files or EVEN creating new ones to mimic the "CORE" files is a BIG security risk!
      • kevinlairre wrote:
        Originally Posted by schwarzes:

        Ok... First of all, it was dumb of the hosting companies to block access to that file. There are millions of sites on WP. If your hosting has blocked that file, I would recommend you change your hosting, coz that is a really dumb move (don't get why people are calling it a smart move).

        Secondly, I still stand by the line that messing with core files or EVEN creating new ones to mimic the "CORE" files is a BIG security risk!
        Some hosting services that got hammered hard had to block access to that file, since the attackers constantly tried to access that file and that script repeatedly and it was consuming a lot of bandwidth and a lot of resources. You really need to look into the concept of DDoS... it's very difficult to block, especially when it comes from a range of multiple IP addresses in the tens of thousands...

        I got the idea because some other hosting solution did the same thing for their WordPress blog customers... And as I said, it's a temporary solution, so even if it is a 'big' security risk, it can be undone...

        That being said, I am definitely curious to learn more about your point of view on why and how you think mimicking a core file like the above file is a 'BIG security risk'.
        • Patrick wrote:
          Originally Posted by kevinlairre:

          Some hosting services that got hammered hard had to block access to that file, since the attackers constantly tried to access that file and that script repeatedly
          Ok... if that's the case, then half of the world's WP sites should be outdated today, coz they cannot log in to update their sites? One pays a hosting company for hosting their website and accessing it whenever they want so that they can update their website. Now if the hosting companies are themselves stopping the customers from accessing what they have paid for, then that's not a good hosting company? I have several WP sites as well; none of them had problems... HostGator didn't shut down wp-login, nor did Bluehost (I worked on sites hosted on both today).

          If a hosting company cannot secure their own services, and gives excuses like "DDoS" and stuff like that and blocks access to customers' sites, I think they had better start paying more for security or stop acting as "secure" hosting companies...
          • kevinlairre wrote:
            Originally Posted by schwarzes:

            Ok... if that's the case, then half of the world's WP sites should be outdated today, coz they cannot log in to update their sites? One pays a hosting company for hosting their website and accessing it whenever they want so that they can update their website. Now if the hosting companies are themselves stopping the customers from accessing what they have paid for, then that's not a good hosting company? I have several WP sites as well; none of them had problems... HostGator didn't shut down wp-login, nor did Bluehost (I worked on sites hosted on both today).

            If a hosting company cannot secure their own services, and gives excuses like "DDoS" and stuff like that and blocks access to customers' sites, I think they had better start paying more for security or stop acting as "secure" hosting companies...
            Sure, one can blame the hosting sites, because after all it is what one pays for - fair enough. One can change their hosting service provider too. Maybe some servers were even more heavily attacked; either way, hosting services could be blamed for it too, for not being secure - that's fair enough.

            But that still leaves one question unanswered - the question of how mimicking the above file became a 'big security risk'.
  • SteveJohnson wrote:
    Let me just add one thing - if your WP installs had a strong 8-12 character password with upper- and lower-case letters, numerals, and a punctuation character or two, you had nothing to worry about.
    • Kingfish85 wrote:
      Originally Posted by SteveJohnson:

      Let me just add one thing - if your WP installs had a strong 8-12 character password with upper- and lower-case letters, numerals, and a punctuation character or two, you had nothing to worry about.
      This isn't true. The problem here is that the brute forcing is causing a denial of service. The password may never be exploited; however, the sheer number of connections attempting to log in causes a loss of service.
  • micksss wrote:
    I like the way HostMantis handled this attack.

    From an email they sent:

    As you may have heard, there is currently a distributed attack against WordPress logins globally that is trying to hack WordPress installations by brute forcing the logins "wp-login.php" file.

    Since this is a large and distributed attack, it is very serious and its impact has been resulting in slow services.

    Therefore we are doing our best to mitigate the impact by limiting access to WordPress logins.

    In order to access your WordPress login, please do the following:

    In your /public_html folder, create a text file (if one does not already exist) and name it ".htaccess"

    Add the following text to the file:

    <Files ~ "^wp-login.php">
    Order deny,allow
    Deny from all
    Allow from x.x.x.x
    </Files>

    You will need to replace x.x.x.x with your current IP address.

    Not sure what your current IP is? Go to Google.com and type "what is my ip?"
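SteveJohnson's point that only .htaccess-level blocking of repeated attempts helps against this kind of attack, and the HostMantis allowlist above, put together as an added example (not from the thread, HostMantis or WordPress): it counts failed wp-login.php POSTs per client IP in constructed Apache-style log lines and renders a per-IP deny block in the same Order/Deny style. The log lines, IPs and function names are all the example's own.

```python
import re
from collections import Counter

# Constructed sample in Apache combined-log format (not from any real server).
# 203.0.113.10 hammers the form and keeps getting the form back (200 = failed),
# 198.51.100.7 logs in once (302 redirect to wp-admin), 192.0.2.44 fails once.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Apr/2013:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3571
203.0.113.10 - - [12/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3571
203.0.113.10 - - [12/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3571
203.0.113.10 - - [12/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3571
198.51.100.7 - - [12/Apr/2013:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.7 - - [12/Apr/2013:10:01:09 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120
192.0.2.44 - - [12/Apr/2013:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3571
"""

# client IP, method, path, status; the rest of the line is not needed here
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def failed_logins(log_text):
    """Count POSTs to wp-login.php per client IP that came back with 200.
    WordPress re-renders the login form (200) on a bad password and answers
    a good one with a 302 to the dashboard, so 200 responses are failures."""
    failed = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than crash
        ip, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0] == "/wp-login.php" and status == "200":
            failed[ip] += 1
    return failed


def ips_over_threshold(log_text, threshold=3):
    """IPs with at least `threshold` failed attempts, sorted for stable output."""
    return sorted(ip for ip, n in failed_logins(log_text).items() if n >= threshold)


def htaccess_deny_block(ips):
    """Render a <Files> block in the same Apache 2.2 Order/Deny style as the
    HostMantis mail, denying only the listed IPs on the login script. Apache
    still answers each request, but no longer hands it to PHP, which is what
    keeps the login storm from eating the server (SteveJohnson's point)."""
    lines = ['<Files "wp-login.php">', "Order allow,deny", "Allow from all"]
    lines += [f"Deny from {ip}" for ip in ips]
    lines.append("</Files>")
    return "\n".join(lines) + "\n"
```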
  • kevinlairre wrote:
    micksss - that was a good solution... Wish I and some other people had been lucky enough for our hosting providers to have handled it that way, cause that solution makes a lot more sense.

    Nonetheless, it's good to learn.