Keep getting Site Lockout notifications despite changing the login URL

  • Resolved kudakwasheza

    (@kudakwasheza)


    1 year, 11 months ago

    Hello, support,

    I have implemented the following but I keep getting site lockouts that show existing admin users:

    • Deleted the main admin and created a new one with a different user ID
    • Changed the Login URL
    • Completely block access to XMLRPC
    • Disabled users enumeration

      Please advise on what else that I need to do to prevent brute-force attacks.

      Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support aporter

    (@aporter)

    Hi,

    To further prevent brute-force attacks you could make use of the login whitelist if you have a set of static IPs that the admins login from.

    The Honeypot feature to try and block bot users.

    Turning on a CAPTCHA.

    Or you could try the cookie based login feature.

    All these can be found in WP Security -> Brute Force

    Best Wishes,

    Ashley

    Thread Starter kudakwasheza

    (@kudakwasheza)

    Hi there,

    I have implemented these(except login whitelist) but I still receive multiple lockout notifications every day. I’m wondering how they are accessing the login URL and locating the admin usernames even after creating a new Admin user.

    Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Keep getting Site Lockout notifications despite changing the login URL’ is closed to new replies.