• Resolved 9twswvkxij

    (@9twswvkxij)


    I’m seeing lots of emails coming in saying that several different users have been locked out from signing in. These are clearly attacks on my site that Wordfence is blocking.

    However, I have moved the login URL using the plugin WPS Hide Login.

    As the login URL is now something completely different, how are these attacks still happening? What method are they using to attempt the login?

    Has someone guessed the new URL?

    Can we include the login URL being used in the alert from Wordfence?

    Thanks!

    • This topic was modified 2 years, 1 month ago by 9twswvkxij.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @9twswvkxij, thanks for reaching out to us.

    We generally consider changing the login URL “security through obscurity”, so it sometimes poses problems for services like Wordfence Central attempting to hit the login page of your site to authenticate – but this issue will never come up for some. You can see more about this here if you wish: https://www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/

    I’m not totally certain that your alternative URL has been exposed; it can be difficult to say, but it is sometimes similar to the leaking of usernames. The best thing you can do from our and WordPress’ perspectives is enable reCAPTCHA / 2FA to fully secure any administrative user accounts that do exist in your WordPress installation. Also ensure your database and server administration passwords are complex.

    Perhaps logins are being attempted through XML-RPC authentication. You could try out the setting to disable XML-RPC authentication by checking the “Disable XML-RPC authentication” box in Wordfence > Login Security > Settings. You can also block this route entirely using .htaccess provided you don’t use the WordPress app or a plugin that requires it such as Jetpack:

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    </Files>

    Some users have seen attempts greatly reduced with that in place.

    I hope that helps you out!

    Peter.
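
To see which route the locked-out attempts actually use, as the original question asks, the web server access log can be tallied by login endpoint. The following is an added example, not part of the thread or of Wordfence; the `/my-hidden-login` slug and the log lines are constructed.

```python
import re
from collections import Counter

# Hypothetical custom slug set in a login-hiding plugin (assumption).
HIDDEN_LOGIN = "/my-hidden-login"

# Common/combined log format prefix: ip ident user [time] "METHOD path proto" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2022:04:11:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403
203.0.113.7 - - [10/Mar/2022:04:11:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403
203.0.113.7 - - [10/Mar/2022:04:11:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403
198.51.100.23 - - [10/Mar/2022:04:12:40 +0000] "POST /wp-login.php HTTP/1.1" 404 1520
192.0.2.10 - - [10/Mar/2022:08:30:00 +0000] "GET /my-hidden-login HTTP/1.1" 200 4100
192.0.2.10 - - [10/Mar/2022:08:30:09 +0000] "POST /my-hidden-login HTTP/1.1" 302 0
198.51.100.23 - - [10/Mar/2022:09:01:15 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42
192.0.2.10 - - [10/Mar/2022:09:02:00 +0000] "GET /index.php HTTP/1.1" 200 9000
"""

def classify(path):
    """Map a request path to the login route it targets, or None."""
    route = path.split("?", 1)[0].rstrip("/").lower()
    if route.endswith("/xmlrpc.php"):
        return "xmlrpc"
    if route.endswith("/wp-login.php"):
        return "wp-login"
    if route == HIDDEN_LOGIN:
        return "hidden-login"
    return None

def login_posts(log_text):
    """Count POSTs per login route, and per (client IP, route) pair."""
    by_endpoint, by_client = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # only POSTs can carry credentials
        endpoint = classify(m["path"])
        if endpoint:
            by_endpoint[endpoint] += 1
            by_client[(m["ip"], endpoint)] += 1
    return by_endpoint, by_client

if __name__ == "__main__":
    endpoints, clients = login_posts(SAMPLE_LOG)
    print(endpoints.most_common(), clients.most_common(3))
```

If most POSTs land on `xmlrpc.php` rather than the hidden slug, the new URL has not been guessed and the XML-RPC setting or `.htaccess` block above is the relevant control.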

    Thread Starter 9twswvkxij

    (@9twswvkxij)

    Thanks Peter, this really helps.

    Yes to complex passwords and I’ve renamed the admin user. Only have 2 users in total. A new administrator account and a user that owns the posts/content.

    Logins are being attempted by users “admin”, the user who owns the content (which is listed in the page source) and random user names.

    Thankfully Wordfence is catching these and is proving to be a wonderful tool for securing WordPress!!

    Plugin Support wfpeter

    (@wfpeter)

    Thanks @9twswvkxij, we really appreciate your positive feedback. If you have any other Wordfence questions in future by all means start a new topic and we’ll be glad to help out.

    Peter.

  • The topic ‘[Wordfence Alert] User locked out from signing in’ is closed to new replies.