Disabled access To WP-Login, Admin & XML-RPC – Still Get IP Failed Login Attemp

  • Resolved adaptablewebsites

    (@adaptablewebsites)


    6 years, 10 months ago

    Hi,

    In htaccess I have disabled access to …

    wp-login.php … only my IP address can access it.

    Same with Admin

    Same with xml-rpc

    I am still getting a lot of failed login attempts as advised by the Sucuri plugin.

    The web host used is Siteground … they have firewalls at the server level … you lot I think.

    Can you advise me on the next step please. How can I still be getting login attempts with thios type of lockdown that I’ve applied.

    Many Thnaks

    Regards Mark

Viewing 1 replies (of 1 total)

  • I am still getting a lot of failed login attempts […] How can I still be getting login attempts with thios type of lockdown that I’ve applied?

    Here is a list of possible answers to your question:

    • The attacker is constantly changing their IP address;
    • The attacker is inside your own LAN (same IP as yours);
    • Another plugin is allowing user authentications (extra XMLRPC);
    • The “mod_access” module is disabled (invalidates htaccess rules);
    • The “lockdown” was incorrectly applied.

    I cannot give you a better answer because I don’t have access to your server to confirm that the “lockdown” was correctly applied, maybe you missed something maybe not. I can only speculate about the reasons that are allowing the plugin to report additional login attempts.

    If you believe this is a bug in the plugin’s code, let me know and I will investigate further. Otherwise, we can leave this ticket marked as resolved.

Viewing 1 replies (of 1 total)
  • The topic ‘Disabled access To WP-Login, Admin & XML-RPC – Still Get IP Failed Login Attemp’ is closed to new replies.