Wordpress - login lock

[backtofront]

I have a couple of Wordpress sites and a problem with a probe looking for the log in account details. I use Log In Lock which blacklists the IP address. But the probe switches to another. Switches to multiple IP addesses. So many I assume it is merely cloaking the IP address it is using and fooling the plug-in. 

 

So I remove the Wordpress log in file. That works for awhile.

 

But more often than not it counters that move and somehow keeps triggering the Log In Lock feature. Any ideas on how to deal with it?

[KittenKong]

You need to install a plug-in that changes your admin login page to a hidden URL permanently, like WPS Hide Login. That will normally stop bots from finding it. And look at using a better security plug-in generally.

[backtofront]

Will do.

 

The bit I don't understand is how the bot triggers the plugin after I remove the wp-login.php file entirely. I must be missing a step. What other precautions should one be installing? 

[KittenKong]

2 hours ago, backtofront said:

Will do.

 

The bit I don't understand is how the bot triggers the plugin after I remove the wp-login.php file entirely. I must be missing a step. What other precautions should one be installing? 

 

You dont remove the file. The plug-in just prevents access to it, and only allows access via another URL of your choosing. ie something like "mysite.com/mysecretURL". Read the instructions.

 

Some other things to do are to not have a user with id 1, not to use the username admin, to always use display nicknames rather than login usernames, and increase password strength. Decent security plug-ins will handle most of that for you. Search for "security" in the WP add plug-in screen. Many have millions of users.