wp-login.php page loaded over and over

  • doylegirl

    (@doylegirl)


    5 years ago

    I have about 30 wordpress sites on a very large server with plenty of space. 99% of the time the server functions fine.

    My WF logs on all the sites show that wp-login.php is loaded by various IPs throughout the day. However username/pws are rarely entered. It seems the bots load the page, switch IPs over and over throughout all websites, thus crashing the server. I have to call hosting and they re-boot the server. He says the wp-login.php page loading attempts are what crash it.

    I have the WF firewall enabled and very strict setting on each site throttling/blocking between 15-60 attempts for each setting.

    Is there anything else I should set to help this issue? Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • wfdave

    (@wfdave)

    Hi @doylegirl,

    If the IP addresses are constantly changing, there’s not much you can do about the surge in traffic. WordPress plugins in general cannot prevent DDOS attacks, but can block out single IP addresses or IP ranges.

    Are you noticing any similarities with the IP addresses that are visiting wp-login.php?

    Dave

    Thread Starter doylegirl

    (@doylegirl)

    Hi Dave,

    No they are all different IPs. I have about 40 WP sites on one server with the free version of WordFence. The site has plenty of resources until a DDOS attack.

    The host says the attackers target many of the sites’ wp-login.php page from various IPs simultaneously.

    I also have xml-rpc disabled but it looks like that page xmlrpc.php has a green dot next to it in the live feed (from various countries). Is that normal?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘wp-login.php page loaded over and over’ is closed to new replies.