5000 user login attempts though hidden login/cookie

Hi, perhaps they are targeting your xmlrpc.php file. Try disabling xmlrpc via the firewall rules and see if that makes a difference.

Let me know how you go.

Thank you

we did so. still a few dozen hack attempts each day.

Hi, I must say that a few dozen in comparison to 5000 is a huge improvement. Can you provide more information regarding the hack attempts you are receiving? Also a list of plugins you have installed in your site?

Thank you

sure, grateful for that. actually we’ve had about 20 hack attempts / blocked logins with the inexisten standard admin name. well spread over worldwide all ips and about every hour average. about 50% come from 97.74.228.xxx godaddy. plugins installed: html on pages, all in one seo pack, advanced post slider, all in one security, anti spam bee, classic editor, contact form 7 + honeypot, custom 404 error page, wp easy smtp, email address encoder, enhanced text widget, google analyticator, jquery in posts, newsticker, newsletter, owl carroussell, photo galleria, php code for posts, resize at upoload plus, simple page ordering, sitemap, slide anything, tiny mce advanced, wp-slimbox 2. no known security issues in any used version of the plugins.

Hi, your list of plugins is larger. How many are active? Are they all up to date? What WordPress version are you running?

Are you using CloudFlare or something similar in your site?

Regards

i know, it’s a lot. but we need them all, it’s only the active ones. all plugins are uptodate, no security issues shown. wordpress version is 5.1.1.

Hi,

Are you using CloudFlare or something similar in your site?

nope.

Hi, I am not sure how they are reaching into your sites admin URL since you are using one of Brute Force features. Plus you are disabling xmlrpc via the firewall rules.

Regards