Googlebot crawling wp-login.php

Foxhound5366

Foxhound5366

Honorary Master
Joined
Oct 23, 2014
Messages
11,239
Reaction score
4,964
Location
Big Smoke
So as I try learn more about WordPress security, one of the basics is to rename your wp-login page.

Cerberus takes it one step further by giving you the option to block any subnets from users that attempt to access this URL, because no legitimate public user will attempt to. RIght?

So I thought, until I saw this in the Cerberus logs:
713631
713633

So interesting thing there: Google's crawlers attempt to crawl wp-login (for what possible reason?).

Obviously blocking the Googlebot subnet won't be great for SEO lol, but I'm hoping the damn bot will learn to stop requesting that URL. You'd think this would be a pretty common thing, so I'm surprised that Googlebot is even attempting it. Anybody know why?
 
It's default behaviour for crawlers to crawl your entire site and index it, if you are not specifically telling crawlers to not crawl and index specific pages of your website..

You can use the robots.txt file in the document root of your website, to tell crawlers to not crawl whichever specific pages you don't want crawled..

Not all crawlers honour the robots.txt file though but, Google at least does..
 
Password protect files and folders you don't want to be crawled. Also adds another layer of security. I do this with all my WP sites.
 
Foxhound5366 said:
So as I try learn more about WordPress security, one of the basics is to rename your wp-login page.

Cerberus takes it one step further by giving you the option to block any subnets from users that attempt to access this URL, because no legitimate public user will attempt to. RIght?

So I thought, until I saw this in the Cerberus logs:
View attachment 713631
View attachment 713633

So interesting thing there: Google's crawlers attempt to crawl wp-login (for what possible reason?).

Obviously blocking the Googlebot subnet won't be great for SEO lol, but I'm hoping the damn bot will learn to stop requesting that URL. You'd think this would be a pretty common thing, so I'm surprised that Googlebot is even attempting it. Anybody know why?
Click to expand...

I wouldn't worry about it too much.

Everyone knows the login page sits over at /wp-login for WordPress by default.
Even this site has its /wp-login pages exposed https://mybroadband.co.za/news/wp-login.php (might be a honey pot thought)
Just make sure your password is up to scratch and perhaps even activate 2FA.

You can perhaps change the route to the actual login and then change your Nginx settings to redirect on /wp-login. It should keep malicious noobs out at least.
 
Bit OT, but I don't suppose anyone in here can help me out with Google Search Console, it would appear that there is an Hacked:url injection in my index.php , or something like that, which google has flagged.

I have zero website/wordpress skills and the company that designed our website have since shut down.

We do however have root access and stuff like that.

Drop me a pm if interested, willing to pay reasonable rates.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X