• Resolved equineadoption

    (@equineadoption)


    Hi,

    Why is this plugin not stopping hackers from trying to log in with an invalid username? The 4 to 5 attempts all happen within seconds.

    They must be using code to achieve this?
    or
    Is Wordfence blocking them as soon as they put in the invalid username, before they need to fill in the reCAPTCHA?

    Any thoughts?

    Thanks
    Chris

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Robert Peake

    (@robertpeake)

    I agree it’s strange. I’m looking into the possibility that these automated attempts are leveraging the WordPress API Authentication features, which obviously are not / cannot be protected by a captcha.

    Thread Starter equineadoption

    (@equineadoption)

    Hi Robert,

    Thanks for checking that out.

    I get hit daily: there will be a flood of rapid hits, then about a 12-hour pause. Then it starts again; this has been going on for about 5 days now. They are coming from all over the world, mostly from Vietnam.

    Chris

    Plugin Author Robert Peake

    (@robertpeake)

    Hi,

    I tested this, and indeed WordFence intercepts invalid usernames “upstream” of the reCaptcha checking.

    So, a bad actor submitting a login form without a valid reCaptcha and also with an invalid username will be intercepted by WordFence, sending back the “you are locked out” screen and generating an email alert to the (real) admin.

    Of course, if WordFence were disabled, a bad actor submitting a login form without a valid reCaptcha and also with an invalid username would still be intercepted by this reCaptcha plugin and denied access. It is just that WordFence “gets there first”.

    Hope this makes sense. It may be possible in a future release to put the reCaptcha checking “ahead” of WordFence, in which case the reCaptcha checking would handle this (silently) instead of WordFence generating the emails.

    Best,
    Robert

    Thread Starter equineadoption

    (@equineadoption)

    Hi Robert,

    I thought that may be the issue, thank you for checking into it.

    Chris

    Plugin Author Robert Peake

    (@robertpeake)

    Hi Chris,

    With the release of 1.4 I have increased the priority of the CAPTCHA checking ahead of WordFence, so hopefully now you won’t keep getting these spurious alerts.

    Best,
    Robert
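
The mechanism in Robert's two replies above (WordFence's check running "upstream" of the CAPTCHA check, and 1.4 moving the CAPTCHA check ahead of it) comes down to callback priority on WordPress's authenticate filter. The following is an added example, not code from the reCAPTCHA plugin or from WordFence: a small must-use plugin that registers a reCAPTCHA gate on that filter so that a CAPTCHA error, rather than core's "invalid username" error, is what any later callback receives. The constant name, the function names, the priority value 25 and the secret placeholder are assumptions; the priority WordFence itself uses on this hook is not stated in the thread and has to be read from its source.

```php
<?php
/**
 * Added example, not code from the reCAPTCHA plugin or from WordFence:
 * a minimal must-use plugin that checks a reCAPTCHA token on the
 * 'authenticate' filter at a priority chosen so that the CAPTCHA error,
 * not core's 'invalid_username' error, is what later callbacks receive.
 *
 * Install on a test site as wp-content/mu-plugins/example-captcha-gate.php.
 * Assumptions (not from the thread): the constant, the function names,
 * the priority 25, and the secret placeholder below.
 */

// Placeholder only; replace with the reCAPTCHA secret key for the site.
define('EXAMPLE_RECAPTCHA_SECRET', 'PLACEHOLDER-RECAPTCHA-SECRET');

/**
 * Verify a reCAPTCHA response token against Google's siteverify endpoint.
 * Fails closed: any transport or parse error counts as an invalid token.
 */
function example_recaptcha_token_is_valid($token) {
    $response = wp_remote_post('https://www.google.com/recaptcha/api/siteverify', array(
        'timeout' => 5,
        'body'    => array(
            'secret'   => EXAMPLE_RECAPTCHA_SECRET,
            'response' => $token,
        ),
    ));
    if (is_wp_error($response) || 200 !== (int) wp_remote_retrieve_response_code($response)) {
        return false;
    }
    $data = json_decode(wp_remote_retrieve_body($response), true);
    return is_array($data) && !empty($data['success']);
}

/**
 * 'authenticate' callback. $user is whatever earlier callbacks produced:
 * null, a WP_User, or a WP_Error (for example core's 'invalid_username').
 */
function example_captcha_gate($user, $username, $password) {
    // The filter also runs when wp-login.php is merely displayed (empty
    // credentials) and during cookie re-validation; judge only real submissions.
    if ($username === '' || $password === '') {
        return $user;
    }
    // XML-RPC logins go through wp_authenticate() too but carry no CAPTCHA
    // token, so this gate leaves them alone; that path needs other controls
    // (rate limiting, or disabling XML-RPC when nothing uses it).
    if (defined('XMLRPC_REQUEST') && XMLRPC_REQUEST) {
        return $user;
    }
    $token = isset($_POST['g-recaptcha-response']) ? (string) $_POST['g-recaptcha-response'] : '';
    if ($token === '' || !example_recaptcha_token_is_valid($token)) {
        // Replace whatever core produced (a WP_User or an 'invalid_username'
        // error) with a CAPTCHA error. A lockout plugin hooked at a later
        // priority then sees 'captcha_failed', not an invalid-username event.
        return new WP_Error('captcha_failed', __('Please complete the CAPTCHA before logging in.'));
    }
    return $user;
}

// Priority 25: after core's username/password callbacks at 20, which do not
// preserve an earlier WP_Error when credentials are non-empty (a gate at
// priority 5 would have its error overwritten by 'invalid_username'), and
// before a lockout plugin. WordFence's own priority on this hook is not
// stated in the thread; read its add_filter('authenticate', ...) call and
// keep this number smaller than it.
add_filter('authenticate', 'example_captcha_gate', 25, 3);
```

Because the gate replaces core's error, a lockout plugin hooked later no longer sees invalid usernames for form submissions that fail the CAPTCHA, which is exactly why the spurious alerts stop. The trade-off is that it also stops counting those attempts, so its own rate limiting only resumes once a request arrives with a valid token; the XML-RPC path is untouched and still needs its own protection.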

    Thread Starter equineadoption

    (@equineadoption)

    Hi Robert,

    Thank you

    Chris

  • The topic ‘Hackers running code?’ is closed to new replies.