Is there anyway to prevent Brute Force attempts (plugins are installed)

  • Resolved ZeroGravity

    (@zerogravity)


    5 years, 10 months ago

    I have a client’s website that is getting hammered with brute force attacks. Is there a way to prevent Brute Force login attempts that I haven’t thought of. I have these plugins installed:
    Login No Captcha reCAPTCHA
    Loginizer

    We have a complex admin username and password set. I still get on average 10 lockout emails from Loginizer every day. With the settings I have in place there are 9 attempts before the lockout email is sent, meaning 90 attempts per day.

    Is my only option to password protect wp-login.php per this page in the codex or is there another solution? Trying not to confuse a client that is not completely tech savvy with too many logins.

    Or am I being overly concerned about the number of notifications sent and need to relax. Just getting frustrated with the amount of time it’s taking to check they aren’t guessing the correct admin username.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Your plugins are working. Relax. Also, there’s no reason for it to send you an email if it’s working properly. It just gives you more to worry about. Turn off or tune down the alert emails from your plugin(s).

    FWIW, I use WordFence and have it set to lock-out an IP for 4 hours after three login attempts in 5 minutes. If someone is really persistent and comes back again and again, I lock them out a the server firewall.

    Thread Starter ZeroGravity

    (@zerogravity)

    Thanks Steven. Relaxing. ?? I have used WordFence on other sites and will probably look at adding it to this one.

    I have loginizer set to lockout for 20 minutes after 3 login attempts. After 3 lockouts it extends to 72 hours and emails me.

    They seem to be rotating IPs as there are no duplicates in the logs.

    Thanks again!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Is there anyway to prevent Brute Force attempts (plugins are installed)’ is closed to new replies.