www issue on wordpress site

[Delta Skies]

To protect my websites from hackers I have added a plugin that renames the /wp-login.php to a new page name. So now if I type www.sitename.com/wp-login.php I get a 404 (which is good) and I can login using www.sitename.com/newpage.php (which also is good).

But......

If I type sitename.com/wp-login.php (i.e. without the w's) I can still get to the login page (which is bad - because I'm getting non-stop attempts at being hacked today).

It looks like my site is working different with and without the www as the prefix.

Just to stop me getting the thousands of email warnings I've been having all day I've just renamed the wp-login.php manually so nobody can find it but obviously I can't login in the meantime.

Any suggestions would be gratefully received

 

[KayJay]

I'm not completely sure but this might just be a domain configuration. Have a look at the DNS settings for your domain name and see if there is an entry for www. I had this issue with something else but with Wordpress and the missing setting resolved it for me.

Prior to making this change was the site working before with and without the www ?

 

[Jin]

Posting the name of the plugin would be more helpful.

Though you could just directory password protect wp-admin as an extra layer of defence right?

 

[Delta Skies]

I currently use "HC Custom WP-Admin URL" to change the url of the admin pages and added "Aspexi Easy Login URL" to hide the reset password page.

In the end I've solved the issue by changing the .htaccess file to redirect anything without the www to an address with it. This seems to have sorted things. Or at least will do until this buggers find another way of potentially getting in.

Thanks for the responses KayJay and Jin.

 

[frank]

Maybe I'm a bit late in posting, I've been away a few days, a free plugin I use Better WP Security, excellent program for me so far, it will make a shed load of changes to WP to make the hackers life harder and his software, changes your ID No of the admin in the dbase also can change , force strong usernames generally munge some stuff up for the hacker so the hacker has to guess. My club site of 450 pages still works well. I like the fact theres a feature that denies access to the admin panel overnight for me, you can set the times, lots more useful anti-hacker options. One or two things you need to be careful with or you lock yourself out. My username and password changed to my local neds lingo so a foreigner probably couldn't even guess Worth a look

 

[neil_g]

check your hosting options, looks like yourdomain.co.uk isnt forwarding to www.yourdomain.co.uk

 

[Delta Skies]

Thanks for following up guys. Neil you are right the forwarding wasn't working which I fixed last week using .htaccess.