WordPress Login Page Found

Description

WordPress wp-login.php is a well-known login page for both users and administrators. Password guessing and Brute Force attacks are the main methods attackers use to break into WordPress using this page. Another common attack is sending too many requests to this page and causing Denial Of Service.

Recommendation

You can take the following actions:

• Restrict access to wp-login.php
• Do not use the admin username
• Use strong passwords
• Limit number of failed login attempts
• Use two-factor authentication

See references for more.

References

• WordPress: Brute Force Attacks
• OWASP: Brute Force Attack
• WordPress