Site Lockout Notification even after custom login URL and whitelisted IP

  • Resolved ashutosh508

    (@ashutosh508)


    5 years, 7 months ago

    I have captcha, custom login url and whitelisted IP for my WP.

    Still, i keep getting emails of Site Lockout Notification from various IP’s (brute force attack) at odd hours of the night. I get 30-40 emails and then it stops.

    I tested the login URL from other IP’s (cafe’s, mobile internet) and it shows forbidden. This is how i know that the IP whitelist is working.

    But how is some bot able to reach my login page and attempt logins from an unlisted IP? What am i missing?

Viewing 1 replies (of 1 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi,

    They might be targeting the following file xmlrpc.php. This file can be found in the WordPress root directory of your website installation. Enabling one of the following features will help you even further. They are located in WP Security -> Firewall -> Basic Firewall Rules.

    Completely Block Access To XMLRPC:
    Disable Pinback Functionality From XMLRPC:

    Let me know if the above helps you.

    Kind regards

    • This reply was modified 5 years, 7 months ago by mbrsolution.
Viewing 1 replies (of 1 total)
  • The topic ‘Site Lockout Notification even after custom login URL and whitelisted IP’ is closed to new replies.