This morning I saw the following in the log appended to my domain name in the format https://example.com/?XDEBUG_SESSION_START=phpstorm
Google results show that:
Xdebug is a PHP extension that allows debugging PHP pages remotely by using the DBGp protocol.
- Code execution is possible through the eval or property_set Xdebug commands.
- An attacker is also able to read the content of a file using the source Xdebug command.
How does one block such attempts, short of blocking nearly every country from which such attacks are reported to originate–about everywhere on the map?

In the last 3 weeks, I’ve received numerous attacks each day (at least 3 per site I manage) from the localhost IP 127.0.0.1. The username login attempts are based on the site’s URL as well as some that use “test1234” (or similar). Is this a flaw in this plugin?
I scanned my web server using my host’s virus scanner, and it turned up nothing.
Help!

I feel this is one of the must-have plugins you need on your website to make things work.

Thanks for the plugin!

How come the report shows multiple attack attempts from the same IP using directory travel and within a short time?
Even though they’re all blocked, shouldn’t Wordfence block an IP from the first attempts and keep it blocked for like at least 24 hours or so?
Regards

A few weeks ago when Wordfence was starting to report an increasing number of blocked login attempts with the usual generic usernames like admin, login, ‘thesitename’ etc., but never with the actual active username, I decided to create a new admin account with a harder-to-guess username and an even longer, random password. Then I deleted the old admin account. The following day a number of login attempts were blocked when trying, for the first time, the old, deleted username. How did the deleted username leak? I’m the only admin and nobody else has got the credentials.
However, in order to be able to create a new user I had to use a different email address and then, after deleting the old user, change it to the one I want permanently associated with the account. In that process WordPress sends confirmation emails (for the change of email addresses) containing the username (which seems like a stupid idea as I’ve given the user a nickname as well as a public displayname which of course are different from the actual username). That’s the only time my usernames have been sent by email.
Thanks & Best wishes!
David
The negative reviews on here are clearly written by users that probably shouldn’t be website admins. Read the instructions and you’ll see the interface is simple, and obtaining the country database is free. The logging function reveals just how much bad traffic gets stopped.
I am very grateful to the author for making this plugin. I know there are other ways to stop the bad guys, but this plugin makes it much easier. Please keep up the good work. And, if anyone uses the plugin, don’t forget to donate to the author!

Several of my other sites use WordFence Free, and the number of email warnings was getting too much. This plugin has really saved the day. It is easy to set up, and easy to get hold of the ‘lite’ version of the country database.
The only thing it could do with is an option to select multiple countries in one go from a tab screen instead of one at a time from a dropdown menu. No biggie, though. And as the title says, it REALLY does work.

pqljzk-vo5t_rfdb8a9wzbnu21u92jcokqmc4vp-vheysbp6nxs6tiwklzrulsejilkjyto3vtfoxcgz7s-9aclyewxum6pccgi7ioj18a8qgzdgb0kuelsv1htk-pci41ufqpdj6b9q7zpcsrzcp0xsbx4robg267vsxu0izpn8kxdvi8idoskg_hf1yb07
Does anyone have any ideas what these are – perhaps attacks???