• Resolved simco

    (@simco)


    One of the sites we host was just moved from Hostgator to our servers. We always install AIO security as one of the first steps in new accounts. And, we always activate the brute force settings AND the hide login setting PLUS disable pingbacks to the XML-RPC.

    Despite doing these things we are still getting multiple failed login notifications at the rate of about 40 per day for this new site. Primarily they are due to using a username that doesn’t exist (they switch between ‘test’ and ‘admin’).

    So, we tried adding CAPTCHA to the login form. Same results.

    So, we set up two-step authentication via Google Authenticator. Same results.

    Nothing we do is stopping them from submitting the login form. It’s like they have bypassed the need to even arrive at the login form (which is cloaked with a different URL) and are hitting the wp-login.php file directly. But, when I attempt to reach it directly I get a 404 error. So I don’t see how they can be doing that either.

    HOW can they continue attempting logins when we’ve taken all these measures?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Contributor wpsolutions

    (@wpsolutions)

    It is highly likely that they are targeting your xmlrpc file and not your login page.
    Have you tried enabling the pingback protection feature in the firewall menu?

    Thread Starter simco

    (@simco)

    I have everything enabled with the exception of full blocking of the XMLRPC file. We had the optional box checked since we do use Jetpack and other features. As a test, I enabled the full block option and now it appears so far that the attempts have stopped. So apparently the ‘partial’ option doesn’t protect against that constant pinging of the login?

  • The topic ‘Still receiving failed logins despite lockdown’ is closed to new replies.
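
Added example, not part of the original thread or the plugin's code: one way to check from the web server access log whether authentication traffic is arriving at xmlrpc.php instead of the login page, as the reply above suggests. The log lines, the `/hidden-login/` path and the threshold are constructed for illustration, and the log is assumed to be in Apache/nginx "combined" format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in "combined" log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2016:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:01:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2016:10:01:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2016:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "curl/7.43"
192.0.2.10 - - [12/Mar/2016:10:03:00 +0000] "POST /hidden-login/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2016:10:04:00 +0000] "POST /xmlrpc.php?for=jetpack HTTP/1.1" 200 90 "-" "Jetpack"
not a log line
"""

# client IP, ident, user, [timestamp], "METHOD target protocol", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Files that accept credentials: the login form handler and the XML-RPC endpoint.
AUTH_FILES = ("xmlrpc.php", "wp-login.php")


def summarize(log_text):
    """Return {file name: Counter(client IP -> number of POSTs)}."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip malformed or truncated lines
        ip, method, target, _status = match.groups()
        # Drop the query string and any subdirectory prefix before comparing.
        name = target.split("?", 1)[0].lower().rsplit("/", 1)[-1]
        if method == "POST" and name in AUTH_FILES:
            hits[name][ip] += 1
    return hits


def noisy_sources(log_text, threshold=3):
    """Client IPs with at least `threshold` POSTs to xmlrpc.php."""
    counts = summarize(log_text)["xmlrpc.php"]
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for name, per_ip in summarize(SAMPLE_LOG).items():
        print(name, dict(per_ip))
    print("repeat xmlrpc.php posters:", noisy_sources(SAMPLE_LOG))
```

If the failed-login notifications line up with POSTs to xmlrpc.php while wp-login.php shows only 404s, the renamed login URL, CAPTCHA and two-step prompt on the form are never reached by that traffic.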