Enabled Captcha, still your plugin shows very high failed login attempts

  • Resolved swagatam1975

    (@swagatam1975)


    9 months, 2 weeks ago

    Hi,

    I have been using your plugin since very login and i have been consistently getting above 200 failed login attempt notifications.

    To control the above, i additionally added a google captcha plugin to enable a captcha for my WordPress login form.

    However, even with the captcha enabled, your plugin keeps showing very high, above 300 failed login attempts.

    Can you please clarify why this i happening?

    The captcha should simply stop all brute force attacks from the root, isn’t it.

    Awaiting your kind reply.

    Thank you.

    Swag

    • This topic was modified 9 months, 2 weeks ago by swagatam1975.
Viewing 1 replies (of 1 total)
  • Plugin Author WPChef

    (@wpchefgadget)

    Hi Swag,

    The way traffic hits your site depends on how you configure your server stack. For example, if your site is mysite.com an attacker can still hit you with mysite.com/wp-admin http request even if you don’t have that address on your site. It leads to a 404 response from your server. This will happen even if you have a capture, 2FA or a firewall. If you have a web proxy in front of your web server, you can configure a rule to redirect requests to that URL back to them or to some other domain. This will still send a request to your proxy but since it’s configured to be in front of your web server, your web server’s resources will not get used. If you don’t have a web proxy configured and the rule created, any request an attacker makes will cause a response from your server and hence the use of resources. In addition captchas can be bypassed or cracked.

    If you’re interested in upgrading to premium, we can further reduce your failed login attempts by running login requests through our cloud login firewall that can detect and neutralize many of the incoming attacks. Our cloud system collects IP information from thousands of WordPress web sites and makes blocking decisions based on that. We recommend it as a hands-free solution.

Viewing 1 replies (of 1 total)
  • The topic ‘Enabled Captcha, still your plugin shows very high failed login attempts’ is closed to new replies.