WordPress Login Page Found
Impact: Medium
Description
WordPress wp-login.php
serves as the primary login page for both users and administrators. Attackers commonly exploit this page through password guessing and brute force attacks to gain unauthorized access. Additionally, sending excessive requests to this page can result in denial of service (DoS) attacks.
Recommendation
Enhance security measures by implementing the following actions:
- Restrict access to
wp-login.php
- Avoid using the
admin
username - Enforce the use of strong passwords
- Implement mechanisms to limit the number of failed login attempts
- Enable two-factor authentication Refer to the provided references for detailed guidance
See references for more.
References
👉 You might also like:
Apache Tomcat Manager Login Found - Vulnerability
WordPress User Enumeration - Vulnerability
Brute Force Prevention Bypassed - Vulnerability
Weak Password - Vulnerability
Last updated on May 13, 2024