Failed login attempts from username [login]

  • Wordfence has the option to immediately block out invalid usernames. Here’s an extract for the help for this option:

    Any username you add here will cause an IP to be blocked if they try to log in with that username. You can add usernames that are frequently used in brute force attempts such as “admin” or your domain name without the top domain.

    I have two WP sites, one for the top domain and the other for a subdomain. For the subdomain, adding the domain name without the top domain is very effective. However, for the WP site connected to the top domain, the domain name without the top domain is… [login]?

    What I’m seeing in Live Traffic are failed login attempts to [login] for the top domain site. I don’t see these for the suddomain site. Adding [login] to the list of invalid username (there’s only one other for me ‘admin’. which is effectively blocked) has no effect. Is there a way to immediately block failed login attempts to this username?

    The page I need help with: [log in to see the link]

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @basilh and thanks for reaching out to us!

    You could add [login] to All Options > Firewall Options > Brute Force Protection > Immediately block the IP of users who try to sign in as these usernames. This should automatically block any IP that attempts to login as that username.

    Let me know if this was what you were looking for or if I missed something!

    Thanks!

    Thread Starter Basil Hendroff

    (@basilh)

    Hi @wfadam, and thanks for responding. I do actually have both admin and [login] as usernames to immediately block the IP of. admin is effectively blocked, but [login] is not. Note that this is a top domain of the form mydomain.com.

    I have second WP site in a subdomain of this top domain so of the form sub.domain.com. Usernames I block the IP addresses of here are admin and sub. Both are effectively blocked.

    It seems [login] replaces sub for a top domain, but blocking doesn’t appear to be effective in this case.

    Plugin Support WFAdam

    (@wfadam)

    Could you show me a screenshot of a Live Traffic [login] account attempt? Also a screenshot of your Brute Force Protection settings.

    Thanks!

    Plugin Support WFAdam

    (@wfadam)

    Also, just to test it, I attempted the [login] on your site and was blocked immediately. So it seems to be working correctly.

    Let me know what you find!

    Thanks!

    Thread Starter Basil Hendroff

    (@basilh)

    @wfadam I wasn’t expecting such a rapid response!

    Failed Login Attempt

    You’ll notice from the image that what I see is a failed login rather than a block when the user is [login].

    Plugin Support WFAdam

    (@wfadam)

    I am wondering if these 2 options are fighting each other in the Brute Force Protection settings.

    Try to remove the 2 entries in the Immediately block the IP of users who try to sign in as these usernames and leave the Immediately lock out invalid usernames enabled. Then try a test with logging in with [login] and see what block message you get.

    Let me know what you find!

    Thanks!

    Thread Starter Basil Hendroff

    (@basilh)

    @wfadam I’ve done some more rigorous testing. You’ll find the results at More comprehensive tests

    Plugin Support WFAdam

    (@wfadam)

    That is some good testing!

    It looks like the blocks are working as intended but the Live Traffic isn’t producing the correct block message. I actually tested this on my test site as well. I was being blocked both ways correctly as well, but the Live Traffic wasent displaying the correct block reason.

    At least we know the blocks are still occurring. I will pass this along to our team.

    Thanks!

    Thread Starter Basil Hendroff

    (@basilh)

    @wfadam Your welcome. Btw, the posts are temporary. I’ll leave them as is for a couple of days, but I’d appreciate it if your team can take the results off if required, or I can move it to a less transient location if preferred. Let me know what you would like me to do.

    Plugin Support WFAdam

    (@wfadam)

    I took screenshots of the entire page if you would like to remove it.

    Thanks again!

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Failed login attempts from username [login]’ is closed to new replies.