Support

Admin Tools

#26893 Blocking Wordpress Attempts?

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by on Tuesday, 14 February 2017 17:17 CST

[email protected]
 Good Afternoon,

I'm wondering if there is a way to block attempts to access Wordpress admin URL's via Admintools? As I'm sure most sites do, we experience a lot of hack attempts to wp-admin and similar URL's. I figured it might be a good idea to just block those attempts outright, assuming it's possible in the component.

dlb
Our Admin Tools program is only for Joomla!. The architecture of WordPress makes it very difficult to secure so at this time we have elected not to produce Admin Tools for WordPress.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

[email protected]
Right, I know that. I use Admintools on Joomla. Just because I use Joomla doesn't stop potential hack attempts that are directed at Wordpress sites. In other words, I see a ton of 404's daily for attempts made on /wp-admin, even though I don't use WP. I'm just asking if there is a way to block/ban an IP based on an attempt on my domain based on the URL they are trying to access.

dlb
Ah, that's a whole different question. The goal of security is to make sure they don't succeed, they are never going to log into your Joomla! site with a WordPress admin URL.

The only thing I can think of is to redirect the WordPress URL to an address in /administrator. That would trigger a security exception and allow you to auto ban the IP. But that sounds like a really bad idea. If they hammer the WordPress URL as a DoS attack, the redirect will amplify the attack. You're better off just leaving them alone. Hackers don't use their own IP addresses, so you aren't actually banning their IP. They use compromised computers, probably using dynamic IP addresses or open proxy servers. One gets blocked, they just move to the next one in the collection.


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

[email protected]
Understood. Thanks for the fast reply!

dlb
You're welcome!


Dale L. Brackin
Support Specialist


us.gifEnglish: native


Please keep in mind my timezone and cultural differences when reading my replies. Thank you!


????
My time zone is EST (UTC -5) (click here to see my current time in Philadelphia, PA)

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!