Wordfence Failed Logins

  • Resolved jpbond

    (@jpbond)


    3 years, 11 months ago

    Hello,
    I’m using Wordfence from the begining and WPS Hide Login for 2 weeks on my WordPress website.
    With WPS Hide Login, i’ve changed the default login url for a complex and unique url.
    But i don’t understand why i’m continuing to have failed logins on the Wordfence week report.
    How robots can find my login page ?
    Is there an other way to try to login without going through this login page ?
    Thanks for your help

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @jpbond, thanks for detailing your issue here and seeking assistance.

    Most automated login attempts will be done through XML-RPC or the WordPress REST API, therefore not requiring the front-end login page. Hiding the login page only slightly slows down somebody with malicious intent rather than stopping them. Our thoughts on obscuring the wp-login/wp-admin URL is discussed in this video: https://www.wordfence.com/blog/2017/10/should-you-hide-wordpress-login-page/

    You can look into Rate Limiting or Brute Force Protection to help tighten up your rules regarding these sorts of attempts.

    The setting to disable XML-RPC authentication can be done by checking the “Disable XML-RPC authentication” box in Wordfence > Login Security > Settings. Manual attempts to access the XML-RPC file itself are common to be tried by attackers so you could add the following code to .htaccess if you are certain no plugins you use (such as Jetpack) require access:

    
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

    Let me know how you get on, or if you have any further queries regarding any of these features!

    Thanks,

    Peter.

    @jpbond , I have been having the same issues – “But i don’t understand why i’m continuing to have failed logins on the Wordfence week report. How robots can find my login page ?”

    I have complained to WordPress – as also implementing WordFence, but this is stuffing up my logins as I have had to block 170 URLs as they keep finding a way to get a door – and appointing themselves as Admins…

    My SEO editor has been locked out now over 15 times ….THis has been crazy 10 days

    Thread Starter jpbond

    (@jpbond)

    Thanks for your help.
    i’ve modified settings about XML-RPC and added the Captcha security.
    I will check if failed logins will decrease from now.
    I would think about Woldfence premium, but 99$ per site per year it’s too expensive for me…

    Plugin Support wfpeter

    (@wfpeter)

    Hey @jpbond, no problem, I trust that will show to be working for you going forward.

    @audreyanderson If the details here are not a working solution for you, please feel free to start a new topic as per the forum guidelines. We can better help our customers if topics concentrate on the specific issues for a single user. We’ll always be glad to help!

    Thanks,

    Peter.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Wordfence Failed Logins’ is closed to new replies.