Scott Dayman

New sites are just as much of a target as old sites. Attackers somehow find them all.

In the Wordfence Options page, have you enabled “Immediately lock out invalid usernames”? I have that set *and* just above that set the lockout to 60 days. I don’t remember the default, but it’s pretty low.

Do they show up in the Blocked IPs section? They’d usually show up in the “IPs Locked Out from Login.” If they’re repeat offenders, you may have to scroll down and look for their Last Login Attempt timestamp.

Thanks Barnez for that link. It seems to have helped with my cron key mismatch problem. I don’t keep my browser open, and the cron key error happens at all hours. For some reason, bumping up the update interval to 30 seconds fixed the problem. And if 30 seconds is good, 60 is even better.

My settings at the bottom of the options page are:
Memory: 90 Megs (server limit is 128, but my scans peak at 70 or so)

Max Execution Time: 30 seconds (Debug shows that Wordfence discovers the server’s limit is 30, then cuts it in half. I figure that giving it the full 30 reduces server load by not starting and stopping processes so often.)

Update interval: 60 (I don’t use Live Logging due to WFCache and really don’t need a second-by-second update on activities)

I’ve renamed my “admin” user via direct access to the database. They can try all the passwords in the world for “admin.” None of them will work. I feel your annoyance with watching brute force attacks waste resources.

The warning seems to say the 4MB is set due to the possibility of a timeout. I’d modify the define.php file and change the DUPLICATOR_SCAN_WARNFILESIZE entry to 5242880 (5 megs). If it times out, scale it back a bit. Wordfence may notice this modification and warn you about it, which you can Ignore. Remember that if Duplicator gets an update, it’ll reset the limit back to 4MB.

The file you’re asking about looks to be a listing of well-known browser agent strings.

Wordfence doesn’t support IPv6. I’ve disabled IPv6 on my sites because of this.

Thumbs up. Is it a particular part of your site they’re attacking?

I’ve cut way down on login attempts by blocking the login page with .htaccess. I added this bit after the Wordfence section of .htaccess

<Files wp-login.php>
order deny,allow
allow from xx.xx.xx.xx
deny from all
</Files>

The xx address is my home IP address. If there are others who need access, I insert additional “allow from” lines with their IP addresses.

My max execution time is now set to 29 and I’m still having this problem. I’ve turned on debugging and the cron error message looks to be showing up way before 30 seconds of a chunk of scanning beginning.

Wordfence seems to be on vacation this week. I suspect I’m having a similar issue, but haven’t seen Wordfence on this forum this week.

That looks like a cached file of a blog post on the site. I’m guessing that the blog post has comments, including some spam.