kcrawford25

Thanks for the update. For now I have disabled Brute Force Detection and plan to analyze the nginx logs.

In addition to requiring a client certificate to access the wp-login.php, I also have the following configuration in nginx to prevent access to xml-rpc:

	location ~* /xmlrpc.php$ {
		deny all;
	}

Looking at the number in the Brute Force Protection card today, it is up to 28,287 attempts blocked which is 910 more attempts than 4 days and 3 hours ago. This seems wildly inaccurate given the traffic this small site receives.

Hello,

Regarding this bug, has this been fixed? I am also having the same error where the <a herf > will have the blogspot url and the <img src> will have the correct WordPress url.