Hi girlieworks
that’s brilliant, thanks a whole lot.
I tried
<Files xmlrpc.php>
order deny,allow
deny from all
allow from my.own.static.IP
</Files>
and the Wrong Password events went away immediately I think. Witness today’s result of my GROUP BY query on the Activity Log table:
date wrong password count
2016-08-08 2
2016-08-11 2
2016-08-17 1
2016-08-18 1
2016-08-19 2
2016-08-22 792
2016-08-23 1404
There is no row for today because no Wrong Passwords have been detected.
Interestingly, since I removed the xmlrpc.php deny from all rule to see what would happen the Wrong Passwords have not returned. Maybe the Brute Force attacker gave up and moved on ?
But I will know what to do if they return.
Thanks to you.
John
??