LinkBack URL
About LinkBacks
Hello GDufresne, welcome to our forums.Originally Posted by GDufresne
We are not sure at this time if this is going to be the standard, but it may certainly become the standard if WordPress or Softaculous (or both) do not devise a solution to the problem with this software. It would be better if their software allowed the user to specify a different file or location for the admin area other than wp-login.php since this is the file the robots have been programmed to attack.
Here is one such plugin that can possibly help:
http://wordpress.org/plugins/rename-wp-login/
It would also be good if their software allows the person installing it to password protect their wp-admin folder using Apache's htpasswd feature. htpasswd is simply what cPanel calls Password Protected Directories and all it does is enable this functionality in .htaccess to password protect certain areas of your site as you see fit.
This method may actually be better because when these robots fail to login a set number of times, they will be automatically added to the server's blacklists in the firewall. This means if all users are using this method, there are lots of sites contributing to build the firewall rules against known bad robots.
The reason this is not the default cure for the problem at this time, is because we don't have a way of doing this each time someone decides to install WordPress on their account using Softaculous auto-installer in cPanel, or if they do it by hand.
Reply With Quote