jorgecerda

The amount of attacks since I installed the captcha plugin have been reduced, however, I’m still receiving Wordfence notifications.

Today I added .htaccess password protection to /wp-admin/.
In case you decide to implement this as well, remember to add the the following lines to your /wp-admin/.htaccess file to avoid regular visitors on the public page to see a login window:

<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

Will keep monitoring and update the thread tomorrow…

Hi everyone, I just found a simple solution to place on top of the WordFence settings:

1. Install the NO CAPTACHA reCAPTCHA plugin
2. You will need TWO keys from https://www.google.com/recaptcha
3. Enter the KEYS and enable ALL settings

Now you will have an extra step to stop the bots from trying to login.

https://prntscr.com/6biws4

I can confirm marek’s range of IP’s work. It does not block all attempts but so far I have blocked 55 attempts: https://prntscr.com/6ah689

On a side note, I was trying to block the access to /wp-admin/ via CPANEL to add an extra security later, however, Wordfence is not allowing me to do this because of this line:

/wp-admin/admin-ajax.php?action=wordfence_logHuman&hid=…

Once the folder passwords is active, all visitors are prompted with the user/password window that should only appear on /wp-admin/

Any ideas?