Login Verification Required – Do they know the password?

  • Resolved Ryder

    (@hyflex)


    4 years, 5 months ago

    Hi,

    I received 10 or so emails this morning from Wordfence titled “Login Verification Required”

    The email said “Please verify a login attempt for your account on WEBSITEHERE” and it had the time, IP and said that it had been flagged as suspicious and as such needed to be allowed if it was me.

    Obviously it wasn’t me in this case, I can see from the live traffic that it was someone visiting the site and attempting to login with a real username as you can see below:

    clipboard

    Does that mean this user got the password incorrect; or do they know the password and it got rejected for a different reason?

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hey @hyflex,

    I know it’s alarming to see these attacks. From what I can see in the screenshot it was a failed login attempt, and I don’t believe they know the password. I consider usernames weak by default since there’s so many ways to gain them. However, if you’re using a strong password and 2FA you’ll be just fine. There’s only so much we can do to prevent attacks, it’s more about making sure they aren’t successful, which it looks Like is happening.

    Please let us know if anything else comes up.

    Thanks,

    Gerroald

    Hey @hyflex,

    I’m going to go ahead and close this thread. However, if you have any other questions, or anything else comes up please let us know.

    Thanks,

    Gerroald

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Login Verification Required – Do they know the password?’ is closed to new replies.