Closed tcowin closed 8 years ago
Did you also block XML-RPC? Often the login attempts are coming from there and not from the actual login form.
The vast majority of login attempts will be script-based, by bots, yes.
Ahhh - I did not realize they could get in through that. What a mess. I've blocked it. Thanks!
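The reply above notes that login attempts often arrive through XML-RPC rather than the login form. As an added example (not part of the original thread or the plugin's code), this script tallies login POSTs per endpoint and response status from a web server access log, which also shows whether a block on `xmlrpc.php` is taking effect. The combined log format, the sample lines and the threshold are assumptions.

```python
import re
from collections import Counter

# Combined log format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Both files accept WordPress credentials, so both are login surfaces.
LOGIN_ENDPOINTS = {"wp-login.php", "xmlrpc.php"}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2017:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.7 - - [10/Oct/2017:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "-"
203.0.113.7 - - [10/Oct/2017:13:55:38 +0000] "POST //xmlrpc.php?x=1 HTTP/1.1" 200 674 "-" "-"
198.51.100.4 - - [10/Oct/2017:13:56:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"
198.51.100.4 - - [10/Oct/2017:13:56:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2950 "-" "-"
192.0.2.15 - - [10/Oct/2017:14:10:11 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "-"
192.0.2.15 - - [10/Oct/2017:14:10:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
""".splitlines()

def login_posts(lines):
    """Yield (ip, endpoint, status) for each POST to a login surface."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        ip, method, target, status = m.groups()
        # Drop the query string and keep the last path segment, so
        # /blog/xmlrpc.php and //xmlrpc.php?x=1 are both recognised.
        endpoint = target.split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if method == "POST" and endpoint in LOGIN_ENDPOINTS:
            yield ip, endpoint, int(status)

def summarize(lines, threshold=3):
    """Count POSTs per (endpoint, status); list clients at or above threshold."""
    by_endpoint, by_client = Counter(), Counter()
    for ip, endpoint, status in login_posts(lines):
        by_endpoint[(endpoint, status)] += 1
        by_client[(ip, endpoint)] += 1
    noisy = sorted(k for k, n in by_client.items() if n >= threshold)
    return by_endpoint, noisy

if __name__ == "__main__":
    by_endpoint, noisy = summarize(SAMPLE_LOG)
    for (endpoint, status), n in sorted(by_endpoint.items()):
        print(f"{endpoint} status={status} posts={n}")
    print("clients at threshold:", noisy)
```

POSTs to `xmlrpc.php` that still return 200 after the block is in place mean the requests are being served rather than rejected.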
We're using the plugin fine (thanks for all of your work!), but we have been (still) getting hack attempts where the security plugin (Wordfence) tells us people are repeatedly trying to log in, and getting blocked. I noticed the form action also goes to the new, obfuscated URL, but I'm wondering if a 'curl' POST to the original wp-login.php URL would succeed. I'm wondering also if these attempts are script-based...
I was going to add a CSRF plugin to try to make sure that the person logging in actually started the session with a GET.
Thoughts or recommendations??