12 Aug
2013
12 Aug
'13
10:50 a.m.
Daniel Case said:
If I remember rightly, you can make the wordpress
script die before it
loads much at all if the username "admin" is entered (as long as it's
not your username!) It would involve playing with the script, but it's a
relatively simple addition and it can be removed before an upgrade.
I have found at least one wp-login.php patch that does the 'are they
accessing this properly?' testing, but not this one.
After about another hundred IP addresses were banned between midnight
and 1am, eighty more in the following hour, and another sixty after
that... I gave up and went down the Apache authorisation route on the
basis that the sooner in the process that they're stopped, the better.
I did put the login details in the authorisation's popup message, and
no-one's complained yet :)
Ian