How to ensure invalid user name attempts are blocked PERMANENTLY

  • Resolved kristinubute

    (@kristinubute)


    4 months, 2 weeks ago

    Hi

    I have setup Wordfence and ticked “Immediately lock out invalid usernames”

    and I’ve added ‘admin” as username to be locked out as well.

    WHY doesn’t it block the IP as well for that user who tries to use admin as username?

    Currently in live feed I’m seeing:

    domainname.com.au/xmlrpc.php attempted a failed login using an invalid username “admin

    Therefore if I have already added ‘admin’ as invalid username therefore it should BLOCK them PERMANENTLY shouldn’t it ? and block them permanently their IP also?

    Otherwise currently I have to go to Live Feed, and for each red dot, I have to manually open each one and click “BLOCK IP” … for every attempt ..

    Then go to “BLOCKING” area and change to PERMANENT , as it is only blocking them for 4 hours .

    HOW do I change this please?

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter kristinubute

    (@kristinubute)

    I would like any failed login for admin to be BLOCKED PERMANENTLY and their IP address.

    Thread Starter kristinubute

    (@kristinubute)

    Also for some reason when I block an IP address it says in “BLOCKING”

    Ruled added July 15, 2024 4:13 am

    Expiration of block: July 15, 2024 4:18 am

    Therefore it is ONLY blocking the IP for 5 minutes ? That is very strange, as I have blocking set for 4 hours.

    HOW and WHERE can I check this when I block an IP I would like it PERMANENTLY blocked I would prefer ..

    Thanks

    Plugin Support wfmark

    (@wfmark)

    Hi @kristinubute , Thank you for reaching out.

    For the xmlrpc.php login attempt, please confirm that you have selected the option Disable XML-RPC authentication under Wordfence>Login Security> Settings.

    When users are blocked by Brute force protection or Rate limiting, blocks normally expire after the amount of time set under WordFence> Firewall> Manage Brute Force Protection > Amount of time a user is locked out or WordFence> Firewall> All Firewall options > Rate Limiting> How long is an IP address blocked when it breaks a rule respectively.

    To make the blocks permanent, navigate to Wordfence > Firewall > Blocking. Select the checkbox next to the block associated with the IP address and click on Make Permanent.

    However, the attacker  may have access to a large pool of IP addresses and hostnames if you block them and change their tactics so they can easily circumvent your blocking rules. Wordfence does all of the important blocking for you automatically so you don’t have to, but if you wish to make your brute force protection settings a little stricter so that they can’t retry as frequently, for example reducing login failures to 3 or 5 instead of the default 20 or increasing the Amount of time a user is locked out, you might find the following links useful to learn some more:

    https://www.wordfence.com/help/firewall/brute-force/ 

    Let me know if you have any further questions.

    Thanks,
    Mark.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.