• Resolved thomasius1

    (@thomasius1)


    Attempts to log in to wp-login despite brute-force protection on /wp-admin/

    I have set up brute-force protection on the /wp-admin/ folder for my site at the provider. Secure username + long, secure password. The upstream login window does actually appear for me in different browsers.

    The Wordfence plug-in (free version), which I appreciate, gives daily alerts that users from all over the world are trying to log into wp-login.php.

    What could be the reason?
    Thank you for your help

    A user with IP address 212.199.163.60 has been locked out from signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 20. The last username they tried to sign in with was: ‘admin’.
    The duration of the lockout is 4 hours.
    User IP: 212.199.163.60
    User hostname: 212.199.163.60.static.012.net.il
    User location: Jerusalem, Israel

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @thomasius1, thanks for getting in touch.

    By the protection you speak of on /wp-admin/, do you mean you have hidden or changed your URL?

    It can be frustrating to see many login attempts such as this, especially if there seems to be no logical reason, but this is actually quite a normal occurrence.

    You might find the following blog post interesting: https://www.wordfence.com/blog/2018/03/ask-wordfence-why-is-an-insignificant-site-like-mine-being-attacked/

    Wordfence, as an endpoint firewall, cannot stop a bot or human from trying to visit your website altogether, but rather deals with the visits appropriately when they happen.

    My general advice is that Wordfence does all of the important blocking for you automatically so you don’t have to, but if you wish to make your brute force or rate limiting rules a little stricter so that they can’t retry as frequently, for example reducing login failures to 3 or 5 instead of 20, you might find the following links useful to learn some more:

    https://www.wordfence.com/help/firewall/brute-force/
    https://www.wordfence.com/help/firewall/rate-limiting/

    Thanks,

    Peter.

    Thread Starter thomasius1

    (@thomasius1)

    Hi Peter,
    I mean that the /wp-admin/ folder is protected. When calling up wp-login.php, you first have to enter a password and user name before doing the WordPress login.

    Here is a sample

    Thank You
    Thomasius1

    Plugin Support wfpeter

    (@wfpeter)

    Hi @thomasius1, thanks for providing that extra information.

    I have been on annual leave and have been catching up on responses that may have been missed in the meantime, as WordPress forums don’t return all new topics to the top for attention.

    The most common cause for Wordfence blocking logins when the login URL has been changed is that xmlrpc.php still exists, and attackers try logging in there. If your site is not using XML-RPC for the WordPress app or for other plugins such as Jetpack, you can select Wordfence > All Options > Disable XML-RPC Authentication to disable logins through this method.

    Thanks again,

    Peter.
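    An added check, not part of this thread or of Wordfence, for confirming whether xmlrpc.php is still reachable and still advertises the login-capable methods that basic auth on /wp-admin/ does not cover. It assumes the site's base URL is passed as the first argument and uses only the Python standard library. Note that Wordfence's "Disable XML-RPC Authentication" option rejects credentials at authentication time rather than hiding methods, so a 200 here is expected with that option; a 403 is what the .htaccess block below produces.

```python
"""Report whether a WordPress site's xmlrpc.php still accepts method calls.

Assumption (not from the thread): base URL given as argv[1]; stdlib only.
"""
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# Methods that take a username/password, i.e. a login surface outside /wp-admin/.
AUTH_METHODS = {"wp.getUsersBlogs", "wp.getUsers", "metaWeblog.getUsersBlogs", "system.multicall"}

# A plain, unauthenticated introspection call: asks the endpoint what it offers.
LIST_METHODS_CALL = (b"<?xml version='1.0'?><methodCall><methodName>system.listMethods"
                     b"</methodName><params/></methodCall>")


def parse_list_methods(body: bytes) -> set:
    """Return the method names from a system.listMethods methodResponse (empty on fault)."""
    root = ET.fromstring(body)
    if root.find("fault") is not None:
        return set()
    return {v.text for v in root.iter("string") if v.text}


def classify(status: int, body: bytes) -> str:
    """Map the HTTP status and body returned by xmlrpc.php to a verdict."""
    if status in (401, 403, 404):
        return "blocked"          # .htaccess deny, basic auth, or file removed
    if status != 200:
        return "unknown"
    try:
        methods = parse_list_methods(body)
    except ET.ParseError:
        return "unknown"          # not an XML-RPC response (e.g. an HTML error page)
    if not methods:
        return "unknown"
    if methods & AUTH_METHODS:
        return "auth-exposed"     # credentials can still be tried here, bypassing /wp-admin/ auth
    return "listing-only"


def check_xmlrpc(base_url: str) -> str:
    req = urllib.request.Request(base_url.rstrip("/") + "/xmlrpc.php", data=LIST_METHODS_CALL,
                                 headers={"Content-Type": "text/xml"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as e:
        return classify(e.code, e.read())
    except urllib.error.URLError:
        return "unreachable"


if __name__ == "__main__":
    print(check_xmlrpc(sys.argv[1]))
```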

    Thread Starter thomasius1

    (@thomasius1)

    Hi Peter,
    thanks for your answer, I'll try this!

    Plugin Support wfpeter

    (@wfpeter)

    Hi @thomasius1,

    No worries at all, please also note that XML-RPC can be disabled altogether if you’re not using a plugin such as Jetpack or the WordPress mobile app by inserting the following code into your .htaccess file:

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    # Apache 2.2 syntax (works on 2.4 when mod_access_compat is loaded);
    # on Apache 2.4 the equivalent single line is: Require all denied
    order deny,allow
    deny from all
    </Files>

    If you notice any plugins or features negatively impacted by this, you can simply remove it again.

    Thanks,

    Peter.

  • The topic ‘Attempts to log in to wp-login despite brute-force protection on /wp-admin/’ is closed to new replies.