EvanGoss
Forum Replies Created
-
Have you already looked at installing and configuring Fail2ban? You would need to complete that before you could make use of this plugin.
https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Installation
You may want to check out Wordfence instead of Fail2ban.
- This reply was modified 2 years, 10 months ago by EvanGoss.
Okay, thanks for clarifying.
I set the threshold to 1.0 so that any score below that is considered a bot. In my limited experience, the highest I’ve seen is 0.9, so setting the required threshold to 1.0 results in everyone being considered a bot. This was sufficient to get rejected when trying to login and trigger the verification email.
Here is what I saw after attempting to login:
VERIFICATION REQUIRED: Additional verification is required for login. Please check the email address associated with the account for a verification link.
Here is the email I received:
Subject: Login Verification Required
Please verify a login attempt for your account on Some Blog.
Request Time: December 13, 2019 10:01:23 AM
IP: 123.456.789.000The request was flagged as suspicious, and we need verification that you attempted to log in to allow it to proceed. This verification link will be valid for 15 minutes from the time it was sent. If you did not attempt this login, please change your password immediately.
You may bypass this verification step permanently by enabling two-factor authentication on your account.
Verify and Log In
I wasn’t sure if reCaptcha was running when the login page was requested or when attempting to login. I can now say that it doesn’t run until a login is attempted.
Thanks for your help Gerroald.
Okay, thanks. I didn’t want to turn it on and get a bunch of questions from users if bots attempt to login as them. Since I don’t know off-hand how to impersonate a bot, can you tell me any way to test it out? The only thing I can think of is changing the threshold score to 1.0. At the very least, I’d like to know what the email looks like so that I know what my users may see.
Thanks for getting back to me.
open_basediris empty.664 didn’t help.
I guess I’ll have to throw it on someone else’s lap at my org unless anyone has other suggestions.
In case it is relevant, this is a multisite setup. Everything in my original message is based upon what I see in the Network Admin Dashboard.
When I go to the dashboard of one of the sites, I see:
Error Log Monitor setup
To start logging errors you’ll need to make a few changes to the WordPress configuration.
“Use Recommended Settings” button
“Manual Configuration” buttonThis is a site that I’ve inherited and I’m pretty new to WordPress. Is there something relevant that I need to configure for each site?
- This reply was modified 5 years, 11 months ago by EvanGoss.