• Resolved tedraortega

    (@tedraortega)


    over the weekend i had 123 new lockouts and 1 banned user. my admin account was the banned user of course (wasn’t me trying to login). the only way i could get back in to the dashboard was to use my backup account, which they have already tried to get that one banned as well for too many attempts. on both accounts I have 2FA on and my IP is whitelisted. any other settings to block them? the ip address is 10.30.72.4 which gives me ZERO information on where they are coming from. hiding the username might help, hiding the login might help but beyond that any other ideas?

    • This topic was modified 2 years, 2 months ago by tedraortega.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi @tedraortega,

    If not already, use the iTSec plugin Logs page to figure out which brute force method(s) is(are) being used. Then, if possible, prevent that(those) brute force method(s) from being public/available on your site (like Login Page, XML-RPC etc).

    +++++ To prevent any confusion, I’m not iThemes +++++

    • This reply was modified 2 years, 2 months ago by nlpro.

    Hi @tedraortega,

    If you require no further assistance please mark this topic as ‘Resolved’.

    Plugin Support chandelierrr

    (@shanedelierrr)

    I hope the information provided by nlpro helped resolve your issues. Since we haven’t received a response, I’ll mark this post resolved. If you still need some assistance, feel free to open a new support topic, and we’d be happy to assist. Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘brute force with my username’ is closed to new replies.