WordPress.org

Ready to get started?Download WordPress

Forums

Checking people against spam DBs at login (7 posts)

  1. DomenLo
    Member
    Posted 1 year ago #

    I've been experiencing quite a bump in wonderful people trying to brute force into the admin account lately (250 this hour) and was wondering:

    Does any plugin exist that would run on wp-login load and check these wonderful people against SFS or other databases and block them accordingly?

    Thanks!

  2. DomenLo
    Member
    Posted 1 year ago #

    LLA doesn't seem to be working since they're constantly changing IPs (every few tries). I have some sites running that and some running the alternative one, Login Lockdown.

    Thanks for the other link, will take a peek.

  3. David Choi
    Member
    Posted 1 year ago #

    You can also add additional security by using this plugin

    http://wordpress.org/extend/plugins/better-wp-security/

    there is an option to change the login URL to something else, so the brute force bots can't abuse the URL

    http://yoursite.com/wp-admin

    and will return as "page not found".

  4. DomenLo
    Member
    Posted 1 year ago #

    Ah, good idea. Will try that one out as well!

  5. LLA doesn't seem to be working since they're constantly changing IPs

    Doesn't matter if they are trying the admin account. Limit that account to one login attempt per 1000 hours in the plugin.

    If you're simply getting attempts on all accounts, you want to limit by IP; thus, fail2ban

  6. DomenLo
    Member
    Posted 1 year ago #

    Most of them are hitting either admin or administrator and doing super-retarded password combos (scooter, 123123123, qwertyuiop).

    So I think the combination of those two (I think BWS actually replicates functionality from LLA) should "calm things down" :)

    I really appreciate your help!

Topic Closed

This topic has been closed to new replies.

About this Topic