User locked out from signing in Messages

  • Resolved jbuenger

    (@jbuenger)


    8 months ago

    Hi, I have defined a different login page than /wp-admin. Still I receive many of these alert mails from your plugin that bots / users have tried to login there… What should I do?..?

    This email was sent from your website “Kinder- und Jugendarztpraxis Baldham” by the Wordfence plugin at Wednesday 10th of July 2024 at 06:12:20 PM
    The Wordfence administrative URL for this site is:?https://kinderarzt-baldham.de/wp-admin/admin.php?page=Wordfence
    A user with IP address 35.199.25.228 has been locked out from signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 20. The last username they tried to sign in with was: ‘ismm’.
    The duration of the lockout is 4 hours.
    User IP: 35.199.25.228
    User hostname: 228.25.199.35.bc.googleusercontent.com
    User location: Washington, District of Columbia, United States

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @jbuenger, thanks for reaching out.

    I assume they were trying to login with /wp-login, which is available to me in a browser when looking at your site and also links to the lost password form that they have also been blocked from.

    We believe that hiding the WordPress admin URL is “security through obscurity”, merely slowing down an attacker slightly rather than stopping them altogether. A default admin URL where complex unique passwords, 2FA and reCAPTCHA are used in conjunction with a similar policy to password security for your hosting control panel, database, etc. should be a solid solution. Wordfence has done its job in the case you’ve raised here according to Brute Force/Rate Limiting settings, so is still looking after the routes into your site as expected and blocking malicious or excessive attempts.

    Thanks,
    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘User locked out from signing in Messages’ is closed to new replies.