How to prevent brute force

  • Resolved 445887485124

    (@levanii)


    4 years, 8 months ago

    Hello. I just started using wordfence and i love this plugin. I want to block all ips automatically when they are trying to gain access by guessing password/username. But i want to block ip only accesing from wp-admin or login page. not from all website. How can i set it. So they still will be able to visit website. But not be able to visit login page. (i don’t have any registered user on website) So login page is only for admin. But there are so many “guest” that are trying to gain access to it.
    I have seen on other websites after 1 failed attempt locks out visitor here is photo what i mean See screenshot
    thanks

    • This topic was modified 4 years, 8 months ago by 445887485124.
    • This topic was modified 4 years, 8 months ago by 445887485124.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @levanii

    To prevent brute force login attacks please use our recommended settings here:

    https://www.wordfence.com/help/firewall/brute-force/

    Thread Starter 445887485124

    (@levanii)

    thanks

    Thread Starter 445887485124

    (@levanii)

    @wfphil but this brute force attack protection only locks out ips that trying to gain access in admin area right? Does it also lock out bots and crawlers?
    I mean it locks also bots that are trying to gain access in admin area not crawlers(for example google crawler) right?

    • This reply was modified 4 years, 8 months ago by 445887485124.
    • This reply was modified 4 years, 8 months ago by 445887485124.
    Plugin Support wfphil

    (@wfphil)

    Hi @levanii

    The brute force login attack prevention will not block legitimate friendly bots like Google’s web crawler Googlebot as Googlebot will not attempt to login to WordPress.

    Only IP addresses that attempt to login multiple times will be blocked based on the settings that you set.

    Thread Starter 445887485124

    (@levanii)

    Yes, google bot isn’t trying to get access. But how can i protect site from unwanted bot traffic

    • This reply was modified 4 years, 8 months ago by 445887485124.
    Plugin Support wfphil

    (@wfphil)

    Hi @levanii

    Thank you for the update.

    Your brute force login attack prevention rule settings will block bots that do try to login multiple times.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘How to prevent brute force’ is closed to new replies.