WordPress Login Page Found
Impact: Medium
Description
WordPress wp-login.php
is a well-known login page for both users and administrators. Password guessing and Brute Force attacks are the main methods attackers use to break into WordPress using this page. Another common attack is sending too many requests to this page and causing Denial Of Service.
Recommendation
You can take the following actions:
- Restrict access to
wp-login.php
- Do not use the
admin
username - Use strong passwords
- Limit number of failed login attempts
- Use two-factor authentication
See references for more.
References
👉 You might also like:
Unreferenced Login Page Found - Vulnerability
WordPress User Enumeration - Vulnerability
Apache Tomcat Manager Login Found - Vulnerability
How to Secure Your WordPress Website
Last updated on February 15, 2021