• Resolved germars

    (@germars)


    So, I was getting a LOT of people trying to sign into this account using the login page, so I thought I would hide the login. So I’ve done that for three days and I’m still getting notifications from Wordfence that so and so tried to sign in to this site.

    How is that possible? Is there a way that they can find the new word that I randomly chose instead of wp-login?

    And why on earth would you only blacklist a person if I have a paid version of Wordfence? Wouldn’t it benefit your paid subscribers to know that someone is trying to hack a site regardless of whether that site has paid for Wordfence or not? Or do I have that wrong? The message just says that they are locked out for one day.

    Thank you. This is the latest one I got.

    A user with IP addr 210.195.197.188 has been locked out from signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 10. The last username they tried to sign in with was: ‘sandybeachtrailercourt’.
    The duration of the lockout is 1 day.
    User IP: 210.195.197.188
    User hostname: 210.195.197.188
    User location: Kuala Lumpur, Malaysia

    Mary


Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi Mary.

    Regarding your first question, hiding the login URL doesn’t really add any additional level of security. Automated bots will eventually figure it out as you’ve already experienced.

    Regarding your second question — If you are a premium license owner and have questions or problems, I would recommend visiting https://support.wordfence.com, where we have a dedicated support team and ticketing system for our premium customers.

    From the message you posted, it appears to be coming from the brute-force protection. This functionality protects you from the attacks that are not coming from IP addresses that are on the blocklist. The detection and lockout parameters are configurable by site owners. When you are logged into your site Dashboard, you select Wordfence->All Options. Then scroll down to the Brute Force Protection section. There you can configure the lockout duration to anywhere between 5 minutes and 2 months. You can also set other parameters regarding timeframe and number of failed logins. I will caution you that setting these values too low could have adverse effects on legitimate users logging in.

    Best Regards,
    Scott
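
The trade-off described in the reply above (failure count, counting timeframe and lockout duration, and the risk of locking out legitimate users when the values are too low), as an added example that is not part of the original thread and is not Wordfence's code. It assumes a generic sliding-window model; the class and parameter names, the 4-hour timeframe, the 60-day stand-in for "2 months" and the sample events are constructed for illustration, while the limit of 10 failures and the 1-day lockout come from the notification quoted in the thread.

```python
from collections import defaultdict, deque

DAY = 86400  # seconds


class LockoutPolicy:
    """Generic sliding-window login lockout (assumed model, hypothetical names)."""

    def __init__(self, max_failures, window_s, lockout_s):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.locked_until = {}              # ip -> time the lockout ends

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Register one failed login; return True if the IP is locked out."""
        if self.is_locked(ip, now):
            return True
        recent = self.failures[ip]
        recent.append(now)
        # Forget failures that have aged out of the counting timeframe.
        while recent and recent[0] <= now - self.window_s:
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout_s
            recent.clear()
            return True
        return False


def replay(policy, events):
    """Feed (time, ip) failures to a policy; return {ip: first lockout time}."""
    first_lock = {}
    for ts, ip in events:
        if policy.record_failure(ip, ts) and ip not in first_lock:
            first_lock[ip] = ts
    return first_lock


# Constructed sample: a bot failing every 30 s, and a site owner who mistypes
# a password three times within two minutes (documentation-range addresses).
BOT, OWNER = "203.0.113.7", "198.51.100.20"
EVENTS = sorted([(i * 30, BOT) for i in range(12)] +
                [(600 + i * 60, OWNER) for i in range(3)])


def demo():
    as_in_thread = LockoutPolicy(max_failures=10, window_s=4 * 3600, lockout_s=DAY)
    too_strict = LockoutPolicy(max_failures=2, window_s=4 * 3600, lockout_s=60 * DAY)
    return replay(as_in_thread, EVENTS), replay(too_strict, EVENTS)
```

With the limit of 10 only the bot is locked out, on its tenth failure; with a limit of 2 the owner's second typo triggers a 60-day lockout as well.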

    Thread Starter germars

    (@germars)

    Thank you Scott. I can’t convince my 60 odd clients to purchase Wordfence sadly so they all get the free version. And I didn’t know hackers would find the new log in so quickly (within a day). So I’ll just change that back. Just makes it slightly harder for me to remember it.

    And I’ve changed my sites to lock people out permanently if they use admin or another login that looks like they are taking it from the site for 2 months instead of a day. In pretty much all the cases, I’m the only one signing in, but for those clients that do updates themselves, I will give them more leeway.

    Thanks again.

  • The topic ‘changed login but still getting notifications’ is closed to new replies.