Lockout notifications despite Brute Force Prevention

  • Resolved ZappoB

    (@zappob)


    6 years, 6 months ago

    Hello,

    I’m using the Cookie Based Brute Force Prevention with a fairly long secret word (a 5 word phrase with German words), but nevertheless I have daily dozens of failed login attempts and sometimes I get the mail about

    a lockdown event has occurred due to too many failed login attempts or invalid username:
    Username: wordpressadminpaggi
    IP Address: 195.22.88.xxx

    How is this possible? I really can’t imagine, that the secret word (which I altered several times) is guessed.

    I used the renamed admin page before, but there I got almost every day the lockdown notification mail, so I switched to the cookie based method.

    Is the another way to get to the login page? I’m quite clueless at the moment.

    Thanks for reading and best regards,
    Joe

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, do you have one of the following features enabled?

    Completely Block Access To XMLRPC:
    Disable Pingback Functionality From XMLRPC:

    To view the above features, go to WP Security -> Firewall -> Basic Firewall Rules -> WordPress XMLRPC & Pingback Vulnerability Protection.

    Kind regards

    Thread Starter ZappoB

    (@zappob)

    Hello,

    thank you very much for the fast reply.

    No, none of the above options are active. Should I activate them?

    Best regards,
    Joe

    • This reply was modified 6 years, 6 months ago by ZappoB.
    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, yes you should enable one of the features. Please carefully read what each feature does and select the correct one for you. Report back if you still have the same issue.

    Kind regards

    Same here. I now enabled the above mentioned features and changed the Login. Hopefully this will prevent brute-force spam. It is baffling to me that WordPress out of the box is insecure to such an extent.

    Thread Starter ZappoB

    (@zappob)

    I’ve done this at the time mbrsolution told me this… and no lockout notification since! Seems to work.

    Many thanks!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    I am happy to hear zappob, that it is working for you so far. I will mark this support thread as resolved.

    If you need more help with anything else, please open a new support thread.

    @anchises, I am sure this will work for you as well. If you need more assistant with this or any other issues, please open up a new support thread.

    Enjoy the plugin.

    Kind regards

    Thread Starter ZappoB

    (@zappob)

    Oh, you’re right, I’ve forgot to set check the resolved-box.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Lockout notifications despite Brute Force Prevention’ is closed to new replies.