WordPress Issue

wp-login reachable

The default WordPress login endpoint is reachable and should be hardened.

Quick win: Enable MFA for administrator and editor accounts.

Run free scan Create account View Pro pricing All issue guides

Plan coverage for this workflow

Free includes SEO checks, crawl health, and WordPress security posture visibility. Pro unlocks full WordPress vulnerability intelligence, weekly vulnerability monitoring, and project-level security history.

Run free scan Compare Free vs Pro

Why it matters

A reachable login path is expected, but weak controls can increase brute-force and credential stuffing risk.

How to fix

Enable MFA for administrator and editor accounts.
Apply rate limiting, bot filtering, and temporary lockouts.
Review failed login telemetry for repeated attack patterns.

Related issue guides

XML-RPC reachable

Next step: run a fresh scan for current issue counts, then triage fixes in order. You can also browse by category in SEO checks and WordPress checks.