wp-login.php

Rate limiting: another way I guard against brute-force logins

For the last few weeks, the VPS powering this site received an increase in nefarious traffic arriving via IPv6. Perhaps unsurprisingly, much of this traffic came as brute-force login attempts against my WordPress site, and its arrival over IPv6 was key.

As I noted in my post on login monitoring, I already employ fail2ban, in conjunction with Konstantin Kovshenin’s technique for blocking failed WP logins. Unfortunately, fail2ban only supports IPv4, which is the only reason I even noticed this uptick in login attempts or needed to address it.

Continue reading Rate limiting: another way I guard against brute-force logins

Replacing WordPress Logo on wp-login.php

There are many times when, as much as I’d love to publicize that a site is built on WordPress, the logo just isn’t appropriate on the login screen (wp-login.php). Thankfully, it’s quite easy to replace the logo using a bit of CSS. Simply paste the following snippet of code into your theme’s functions.php file and adjust the CSS on line 4 as needed.

//Theme login screen
function replace_login_logo() {
 $style = '<style type="text/css">';
 $style .= '#login h1 { background: url( ' .  get_stylesheet_directory_uri() . '/images/logo.gif ) no-repeat scroll center top transparent; display: block; height: 118px; overflow: hidden; padding-bottom: 15px; text-indent: -9999px; width: 369px; margin-left: -25px; }';
 $style .= '#login h1 a { display: none; }';
 $style .= '</style>';

 echo $style;
}
add_action( 'login_head', 'replace_login_logo' );