It can be done using menu_alter, but I do agree it is on the paranoid side and really won't provide extra security. Instead it's much better to do something like add CAPTCHA on the login form. Even better:
https://drupal.org/project/flood_control
You can limit the number of failed logins per IP and and username.
Jamie Holly http://www.intoxination.net http://www.hollyit.net
On 1/29/2013 8:19 AM, Earnie Boyd wrote:
On Mon, Jan 28, 2013 at 10:41 PM, Steve Wickham steve@wickwoodonline.com wrote:
From what I understand, in the WordPress world it is a fairly common thing
to change the path of the user login page in order to harden the site because this helps prevent bots from finding the login page in the first place. The other thing that is commonly done is to change the preassigned admin username to something else.
I myself have wondered about how this might be done with Drupal, and have never found an answer. Although to be honest, i never looked that hard. So if you do find the answer, or if someone knows the answer to this, please post it back here.
It can be done but you have to study the hooks system of the API. But setting user registration to admin only and removing the login block should be sufficient. Changing /user is a bit on the paranoid side.