wfchar

Hi,

Does this behavior go away if you disable or change the limits around your login settings under Firewall > Brute Force Protection? Also, are there any error messages that are appearing in logs around the times for these login attempts?

Would it be possible to get the steps needed to reproduce this issue along with the URL for the site as well?

Thanks!

Hi Darryl,

In order to determine for certain whether or not this is a false positive, we would appreciate if you’d archive these files and send them to [email protected] and we’ll let you know if there’s any further cause for concern.

Thanks!

I’d like to make sure I’m understanding your situation correctly — are you continuing to see 503 responses related to an IP address that is already being blocked by Wordfence until you also add an IP block on the server? Also, just to confirm, have you already run through the Wordfence firewall optimization process (outlined here: https://www.wordfence.com/help/firewall/optimizing-the-firewall/)?

When you go to Wordfence > Tools > Live Traffic, what are you seeing for requests for wp-login.php? There should be information about how Wordfence is handling blocking these requests.

If you’re comfortable with moving wp-login, moving the page is not a bad idea for helping bring down the amount of server resources lost to attempts on the default path. If there isn’t any need to have users logging in to the system, you can also just block the wp-login.php path or whitelist it for known, trusted IP addresses. I would also recommend double-checking your settings at admin.php?page=WordfenceWAF&subpage=waf_options and make sure you have reasonable settings for login failures and time windows for attempts and length of time for blocking.

Once you have Wordfence where you want it and have made any adjustments to the login page that you think are necessary, your server team may want to take a look at the overall performance of your server to make sure you’re not seeing resource exhaustion anywhere else as well. You may also want to check your caching strategies and look into other ways of offsetting server load, such as leveraging external caching through a CDN, which are great for helping reduce server load and a few offer useful additional tools and services as well.

Please let me know if you have any further questions!