emm386

I see lockouts quite frequently due to Invalid Login Attempts, but *never* see this reflected in the Daily Security Digest emails. The emails always say “no lockouts since the last email check”.

But this morning after dropping 404 Detection Error Threshold from 20 to 10, I had one IP get locked out due 10 404 Errors, and when my Daily Security Digest email showed up, it did “There has been 1 host locked out.”

So it doesn’t appear as if iThemes Security Digest counts Invalid Login Attempts.

Update: Apparently iThemes Security and our web server’s ModSecurity track hits differently. Whereas ModSecurity registered over 2100 hits from the bad IP in my previous post, there were only 12 hits in the 404 logs under iTheme Security. And I had 404 Detection Error Threshold set at 20 (default), so no lockout occurred.

Yesterday I lowered the Error Threshold to 10. This morning I noticed over 50 hits in the ModSecurity logs from an IP, and when I logged into WordPress, I see that same IP with only 10 hits, but this time iThemes locked the IP. So it looks like I need to drop 404 Detection Threshold to 10 for all my sites.