xmlrpc.php and login attacks from some botnet
-
Hello, I’m using WordFence on a multisite WP (set with sub-folders) and I can’t understand for which site exactly there are so many attempts to login, because WF only reports for the main website.
I’m getting hammered from about one hundred IPs each day from all over the world, WordFence is blocking them with the rule “lock invalid usernames” because they try to login as “test”, but the link they use points to xmlrpc.php
What does that means?I also suggest that WordFence adopt the same time format in every log, not using different GMT and day formats because it’s difficult to match the logs! I mean it should only use the date/time settings of the server. Now I see one log using GMT +00 (when you click on a blocked IP), and another using a different notation (in the automatic email I receive with the alerts).
- The topic ‘xmlrpc.php and login attacks from some botnet’ is closed to new replies.
