WordPress Login Page Found

Description

WordPress wp-login.php serves as the primary login page for both users and administrators. Attackers commonly exploit this page through password guessing and brute force attacks to gain unauthorized access. Additionally, sending excessive requests to this page can result in denial of service (DoS) attacks.

Recommendation

Enhance security measures by implementing the following actions:

• Restrict access to wp-login.php
• Avoid using the admin username
• Enforce the use of strong passwords
• Implement mechanisms to limit the number of failed login attempts
• Enable two-factor authentication Refer to the provided references for detailed guidance

See references for more.

References

• WordPress: Brute Force Attacks
• OWASP: Brute Force Attack
• Should I Hide My Admin Login Page? Yes, You Should!
• WordPress
• CAPEC-49

Related Issues

• Unreferenced Login Page Found - Vulnerability
• Apache Tomcat Manager Login Found - Vulnerability
• WordPress User Enumeration - Vulnerability
• Brute Force Prevention Bypassed - Vulnerability

Tags:

Wordpress

Brute Force

Denial of Service

Authentication