Googlebot crawling wp-login.php

Foxhound5366

Executive Member
Joined
Oct 23, 2014
Messages
6,845
So as I try learn more about WordPress security, one of the basics is to rename your wp-login page.

Cerberus takes it one step further by giving you the option to block any subnets from users that attempt to access this URL, because no legitimate public user will attempt to. RIght?

So I thought, until I saw this in the Cerberus logs:
713631
713633

So interesting thing there: Google's crawlers attempt to crawl wp-login (for what possible reason?).

Obviously blocking the Googlebot subnet won't be great for SEO lol, but I'm hoping the damn bot will learn to stop requesting that URL. You'd think this would be a pretty common thing, so I'm surprised that Googlebot is even attempting it. Anybody know why?
 

WAslayer

Expert Member
Joined
May 13, 2011
Messages
3,344
It's default behaviour for crawlers to crawl your entire site and index it, if you are not specifically telling crawlers to not crawl and index specific pages of your website..

You can use the robots.txt file in the document root of your website, to tell crawlers to not crawl whichever specific pages you don't want crawled..

Not all crawlers honour the robots.txt file though but, Google at least does..
 

bratwurst

Expert Member
Joined
Oct 15, 2008
Messages
3,867
Password protect files and folders you don't want to be crawled. Also adds another layer of security. I do this with all my WP sites.
 

ronald911

Expert Member
Joined
Jun 1, 2007
Messages
1,503
So as I try learn more about WordPress security, one of the basics is to rename your wp-login page.

Cerberus takes it one step further by giving you the option to block any subnets from users that attempt to access this URL, because no legitimate public user will attempt to. RIght?

So I thought, until I saw this in the Cerberus logs:
View attachment 713631
View attachment 713633

So interesting thing there: Google's crawlers attempt to crawl wp-login (for what possible reason?).

Obviously blocking the Googlebot subnet won't be great for SEO lol, but I'm hoping the damn bot will learn to stop requesting that URL. You'd think this would be a pretty common thing, so I'm surprised that Googlebot is even attempting it. Anybody know why?
I wouldn't worry about it too much.

Everyone knows the login page sits over at /wp-login for WordPress by default.
Even this site has its /wp-login pages exposed https://mybroadband.co.za/news/wp-login.php (might be a honey pot thought)
Just make sure your password is up to scratch and perhaps even activate 2FA.

You can perhaps change the route to the actual login and then change your Nginx settings to redirect on /wp-login. It should keep malicious noobs out at least.
 

Purply

Expert Member
Joined
Mar 4, 2013
Messages
3,888
Bit OT, but I don't suppose anyone in here can help me out with Google Search Console, it would appear that there is an Hacked:url injection in my index.php , or something like that, which google has flagged.

I have zero website/wordpress skills and the company that designed our website have since shut down.

We do however have root access and stuff like that.

Drop me a pm if interested, willing to pay reasonable rates.
 
Top