WordPress Login Page Found

Description

WordPress wp-login.php serves as the primary login page for both users and administrators. Attackers commonly exploit this page through password guessing and brute force attacks to gain unauthorized access. Additionally, sending excessive requests to this page can result in denial of service (DoS) attacks.

Recommendation

Enhance security measures by implementing the following actions:

• Restrict access to wp-login.php
• Avoid using the admin username
• Enforce the use of strong passwords
• Implement mechanisms to limit the number of failed login attempts
• Enable two-factor authentication Refer to the provided references for detailed guidance

See references for more.

References

• OWASP: Brute Force Attack
• WordPress
• WordPress: Brute Force Attacks