WP login not secure?
- Thread starter Morticia
- Start date
Help Support Bed & Breakfast / Short Term Rental Host Forum:
Arks
Well-known member
- Joined
- May 22, 2010
- Messages
- 6,460
- Reaction score
- 579
My WP login page for my website says
http://www.myownwebsite.com/wp-login.php
I guess it might say https if my website had an SSL certificate. So I guess it's a function of your won website setup, not something controlled by WP.
http://www.myownwebsite.com/wp-login.php
I guess it might say https if my website had an SSL certificate. So I guess it's a function of your won website setup, not something controlled by WP.
Yours has never been secured. Don't know why you thought it was. It has always been http...not https. Things are now changing and the company you are hosting with is now making all sites encrypted with https but to make your own personal site secure, you will need to install the Really Simple SSL plugin.
Jim yours is secure. We installed the Let's Encrypt and the REALLY SIMPLE SSL plugin when the site was set up. You were ahead of the curve
JimBoone
Well-known member
- Joined
- Dec 18, 2014
- Messages
- 1,202
- Reaction score
- 264
Thanks to your pointing me in the best directionJim yours is secure. We installed the Let's Encrypt and the REALLY SIMPLE SSL plugin when the site was set up. You were ahead of the curve
.
Morticia
Well-known member
- Joined
- May 22, 2008
- Messages
- 17,771
- Reaction score
- 685
The login was secure, tho. Just the login page. It didn't used to have an x thru the lock. But, I will add the plugin and update my webmaster page for https.EmptyNest said:
GoodScout
Well-known member
- Joined
- Sep 25, 2012
- Messages
- 1,330
- Reaction score
- 550
May I also humbly suggest if you're not using two-step authentication (where you're texted a six-digit code to input during the login process) you consider it. My Wordfence tells me I get about one person a week trying to guess passwords.
I suggested it to hosting company to set it up as an auto function
and was told they had so many complaints they took it off. But I may be suggesting it again.
wordfence catches more than that on sites I monitor. I got so sick of all the emails I turned most of them off. I just don't have time nor do I charge maintenance fee. I am surely getting out of web design this year. I just can't keep up with it all and my chiro is sick of my weekly visits I think
Morticia
Well-known member
- Joined
- May 22, 2008
- Messages
- 17,771
- Reaction score
- 685
What plug in do you use? I have 2 websites and they both get lists of attempted log ins.PhineasSwann said:
GoodScout
Well-known member
- Joined
- Sep 25, 2012
- Messages
- 1,330
- Reaction score
- 550
Wordfence is my big one. I have the pro version after my site got hacked last year and it took me 72 straight hours to fix it.
Generic
Well-known member
- Joined
- Feb 24, 2011
- Messages
- 7,728
- Reaction score
- 281
I have wordfence installed as well (paid someone on fivver to do it.) But since the URL for login isn't standard, I don't really get attempts, plus there is the captcha to deal with. And of course there is no account called admin.
Momma Smurf
Well-known member
- Joined
- Dec 6, 2010
- Messages
- 1,097
- Reaction score
- 97
I have WordFence pro also.
I thought we installed wordfence on yours
Morticia
Well-known member
- Joined
- May 22, 2008
- Messages
- 17,771
- Reaction score
- 685
Yes, I have word fence, on both websites. There's a list of attempted login tries and the names they used.EmptyNest said:
They've gone beyond admin now and try some version of your website.
Helpful hints - don't use these as your login name:
- Your own name
- Your inn name
- Any portion of your inn name
- Your town name
Yep makes sense. Let Wordfence just do its job. I don't obsess over it. Our hosting company owner shared with me some stats of what they capture before they even try those...mind boggling...but good to know hosting is taking care of us
