
[ask] Someone is trying to log in to wp admin, how do I secure it?

Discussion in 'Wordpress' started by reanmad, Feb 23, 2016.

  1. reanmad

    reanmad Ads.id Fan

    Joined:
    May 10, 2013
    Messages:
    249
    Likes Received:
    13
    So here's the thing: I have a blog hosted at HH.
    In short, I've installed the wp limit login attempt plugin, and I've changed the wp admin URL to, for example, domain.com/bla-bla-bla.php, following instructions I found on Google.
    But there are still people trying to get into wp admin. I can see it in the wp limit login attempt report, even though the wp admin URL has been changed. Then I changed it to another URL, and wp admin can still be reached according to that limit login report.
    My questions:

    1. Where are they accessing wp admin (the login page) from, even though I've changed the URL?
    2. How do I stop them from accessing it?

    Thanks in advance.
     
  2. biza_aza

    biza_aza Super Hero

    Joined:
    Jan 1, 2008
    Messages:
    1,736
    Likes Received:
    126
    Location:
    Bantul - Jogja
    Use the Wordfence WordPress plugin.
     
  3. reanmad

    reanmad Ads.id Fan

    Joined:
    May 10, 2013
    Messages:
    249
    Likes Received:
    13
    Thanks, I'll try the plugin.
    Maybe you know the answer to the first question: how are they reaching the login page?
     
  4. Freeze

    Freeze Ads.id Pro

    Joined:
    Nov 18, 2005
    Messages:
    388
    Likes Received:
    36
    It's from xmlrpc. Add this code to your htaccess, guaranteed there will be no more of it, and it saves bandwidth too. No need for all those plugins that just make the site heavier.
    RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]
     
    maskom likes this.
  5. BHWKing

    BHWKing Ads.id Fan

    Joined:
    Sep 26, 2015
    Messages:
    205
    Likes Received:
    8
    Use the simple security firewall plugin.
     
  6. reanmad

    reanmad Ads.id Fan

    Joined:
    May 10, 2013
    Messages:
    249
    Likes Received:
    13
    OK, thanks, I'll try this method first.
     
  7. hariadi

    hariadi Ads.id Fan

    Joined:
    Oct 7, 2013
    Messages:
    104
    Likes Received:
    3
    I use this plugin too.
     
  8. Aprilia88

    Aprilia88 Super Hero

    Joined:
    Dec 26, 2013
    Messages:
    2,127
    Likes Received:
    87
    So its function is to redirect users who try to get in through xmlrpc, right?
     
  9. Freeze

    Freeze Ads.id Pro

    Joined:
    Nov 18, 2005
    Messages:
    388
    Likes Received:
    36
    That's right, bro. They use bots to crack passwords through xmlrpc, which also wastes a lot of bandwidth.
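
One way to confirm from the web server's access log that the login attempts arrive through xmlrpc.php rather than the renamed login page. This is an added example, not part of the original posts; the log lines are constructed, and `/bla-bla-bla.php` stands for the renamed login URL from the first post.

```python
import re
from collections import Counter

# Constructed access-log lines in "combined" format (not taken from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Feb/2016:10:00:01 +0700] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [23/Feb/2016:10:00:02 +0700] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [23/Feb/2016:10:00:03 +0700] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
203.0.113.7 - - [23/Feb/2016:10:00:04 +0700] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "-"
198.51.100.20 - - [23/Feb/2016:10:01:00 +0700] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"
198.51.100.20 - - [23/Feb/2016:10:01:05 +0700] "POST /xmlrpc.php?x=1 HTTP/1.1" 200 403 "-" "-"
192.0.2.10 - - [23/Feb/2016:10:02:00 +0700] "POST /bla-bla-bla.php HTTP/1.1" 302 0 "-" "-"
192.0.2.10 - - [23/Feb/2016:10:02:01 +0700] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "-"
"""

# client IP, ident, user, [timestamp], "METHOD target protocol", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Endpoints that accept WordPress credentials. The renamed login path is an
# assumption taken from the first post's example; adjust it to the real one.
AUTH_PATHS = {"/xmlrpc.php", "/wp-login.php", "/bla-bla-bla.php"}


def count_auth_posts(log_text, auth_paths=AUTH_PATHS):
    """Return {path: Counter({client_ip: count})} for POSTs to credential endpoints."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, _status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        if method == "POST" and path in auth_paths:
            hits.setdefault(path, Counter())[ip] += 1
    return hits


def noisy_clients(hits, path, threshold=3):
    """Client IPs with at least `threshold` POSTs to `path`, sorted."""
    return sorted(ip for ip, n in hits.get(path, {}).items() if n >= threshold)


if __name__ == "__main__":
    hits = count_auth_posts(SAMPLE_LOG)
    for path, per_ip in sorted(hits.items()):
        print(path, dict(per_ip))
    print("repeat offenders on xmlrpc.php:", noisy_clients(hits, "/xmlrpc.php"))
```

If most credential POSTs land on `/xmlrpc.php` while the renamed login page only sees the site owner, hiding the login URL was never in the attacker's path.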
     
  10. retsu.saiba

    retsu.saiba Banned

    Joined:
    Oct 19, 2013
    Messages:
    442
    Likes Received:
    19
    Solid analysis from this guy, worth a try :D
     
  11. reanmad

    reanmad Ads.id Fan

    Joined:
    May 10, 2013
    Messages:
    249
    Likes Received:
    13
    Oh, by the way, how do you do this on nginx? It can't read htaccess, right?
    Does anyone know the nginx replacement for htaccess?
     
  12. kuzan

    kuzan Newbie

    Joined:
    Apr 14, 2016
    Messages:
    27
    Likes Received:
    0
    Wow, I just learned this, going to try it first :D
     
  13. iidbae

    iidbae Super Hero

    Joined:
    Nov 12, 2012
    Messages:
    2,314
    Likes Received:
    168
    Location:
    Pusdai-Bandung
    Same question here.
     
  14. Freeze

    Freeze Ads.id Pro

    Joined:
    Nov 18, 2005
    Messages:
    388
    Likes Received:
    36
    I've never used nginx, try googling it.
     
  15. josuajoe

    josuajoe Ads.id Starter

    Joined:
    Apr 20, 2016
    Messages:
    59
    Likes Received:
    0
    Location:
    Jakarta Barat
    Simple, just add authentication for the login in htaccess.
     
  16. siprof

    siprof Reviewer

    Joined:
    Jun 4, 2011
    Messages:
    845
    Likes Received:
    28
    Use iThemes Security: in the settings section choose disable xmlrpc, then Save. Usually an nginx.conf appears in the domain root.
    Then just include that file in your nginx configuration file at /etc/nginx/sites-available/namadomainagan.conf
     
    iidbae and dindinaq93 like this.
  17. profinet

    profinet Newbie

    Joined:
    Aug 7, 2014
    Messages:
    30
    Likes Received:
    1
    Following along, looks like this security stuff is important.
     
  18. Langit.Hosting

    Langit.Hosting Ads.id Starter

    Joined:
    May 2, 2016
    Messages:
    70
    Likes Received:
    1
    Location:
    Malang
    Try removing direct /wp-admin access, then change the wp-login.php link to kusam.php / hajar.php, or whatever you like.
    Also add an anti brute force plugin.
     
  19. Exorion

    Exorion Newbie

    Joined:
    Nov 4, 2015
    Messages:
    23
    Likes Received:
    0
    Nice info.

    I also just learned that passwords can be brute-forced outside the login page.
     
  20. twe452

    twe452 Ads.id Pro

    Joined:
    Feb 19, 2015
    Messages:
    418
    Likes Received:
    43
    Following along too...
     
