Adding blocked I.P addresses to permanent block list

The All In One WP Security Blacklist feature gives you the option of banning certain host IP addresses or ranges and also user agents.

This feature will deny total site access for users which have IP addresses or user agents matching those which you have configured in the settings below.
The plugin achieves this by making appropriate modifications to your .htaccess file.
By blocking people via the .htaccess file your are using the most secure first line of defence which denies all access to blacklisted visitors as soon as they hit your hosting server.

Does the above help you?

Thank you

Yes, thank you for that.
I’m getting fed up with all the failed login attempts from various I.P. addresses that are using my username ? How did they get my username if their I.P. address is blocked ?
I’ve adjusted the auto lockout to 5 attempts but still keep getting loads of the failed attempts over 24hrs.
I’ve tried changing my username but minutes after I change it someone tries to log in with my new username ? How do they monitor my ‘new’ username ?
Obviously some of these attempted hacking attacks are coming from VPN supported sources.
Is there a Plugin that can detect if the user is using a VPN?
Found this one – Proxy & VPN Blocker and by testing it does seem to work.
I’ll see if this stops all the rough log in attempts.

• This reply was modified 4 years, 3 months ago by mikejj101.
• This reply was modified 4 years, 3 months ago by mikejj101.

Hi, do you have one of the following features under Brute Force enabled?

Rename Login Page
Cookie Based Brute Force Prevention

Regards

Hi,
Don’t really understand the Rename Login Page feature so haven’t enabled that one.
I’ve enabled the Cookie based Brute Force Prevention but that doesn’t seem to block all the hacking attempts.
I’ll read up on the rename login page stuff.

Thanks.

Hi,

I’ve enabled the Cookie based Brute Force Prevention but that doesn’t seem to block all the hacking attempts.

If you still receive many logging attempts after the above settings is enabled, then your issue could be because they are most probably targeting your xmlrpc.php file. This file can be found in the WordPress root directory of your site. Check the following documentation for more information.

https://mbrsolution.com/wordpress/aiowps-plugin-pingback-protection-settings.php

Let me know how you go.

Thank you

Hi,
I’ve followed the setup of the blocking xmlrpc and it now does bring up the ‘Forbidden’ notice so maybe we can get rid of some of the hacking attacks. Have noticed a drop in the number of failed login attempts from ‘admin’ and ‘author’ and no-one is trying to login with my username now.
Thanks for all your advice.

You are most welcome ??

If your issue is resolved, you can mark this support thread as resolved.

Thank you

Hi and thanks for all your help and advice.

Noticed when I installed the Proxy and VPN blocker onto the site that it shows some attackers are accessing the users of our site by inputting :-
https://******.********.*******-society.co.uk/wp/wp-json/wp/v2/users/
I’ve blocked out the actual site name so as not to give anyone any ideas.
It allows them to actually see the Admin and Author user names in a text file…..?
I’ve had a look on the security pages and it informs me that they don’t class it as a risk and that usernames are not secure anyway, that it’s the password associated with the username that gives the security. Your thoughts on this would be appreciated.

Hi, you might try the following feature WP Security -> Miscellaneous -> WP REST API. However make sure you read the following note by the developers:

Beware that if you are using other plugins which have registered REST endpoints (eg, Contact Form 7), then this feature will also block REST requests used by these plugins if the user is not logged in. It is recommended that you leave this feature disabled if you want uninterrupted functionality for such plugins.

Let me know if the above helps you.

Thank you

Thanks for the tip. Hopefully that will block people digging inside our php files.
Don’t think anything on our site relies on Rest API so shouldn’t be an issue.

Once again thanks for your input.

Hi,

If your issue is resolved, can you mark this support thread as resolved.

Thank you