WordPress.org

Ready to get started?Download WordPress

Forums

NinjaFirewall (WP edition)
[resolved] Continuous POST /wp-login.php how to stop? (5 posts)

  1. kpawson
    Member
    Posted 6 months ago #

    I've been getting continuous POST wp-login.php attempts for the past 4 days now on two WP sites that I have. Running IDS SNORT on the backend and get the alerts so that's how I can see login attempts of username admin and various passwords.

    Don't have any usernames of admin, however I really want to stop these posts and have tried several methods. The best so far has been using Ninja Firewall, so thanks for creating this excellent plugin!

    I've set the lockout to 99min, but they keep coming back, is there anything else that I can try or do?

    Thanks

    https://wordpress.org/plugins/ninjafirewall/

  2. nintechnet
    Member
    Plugin Author

    Posted 6 months ago #

    Hi,

    You can leave it that way, or set the login protection to "Always ON".

    It seems you are facing one of those dumb bots that will keep trying all passwords for days before they give up. There is nothing else to do, NinjaFirewall protects the page against the brute-force attack and it should not use a lot of server resources.

  3. kpawson
    Member
    Posted 6 months ago #

    Thanks for that, I've now turned it on to "Always ON". However I still see two more alerts show up after about an hour from changing it to Always On.

    Will look into the post string further, but I really don't see how their post can get past the login protection banner prompt... if I do it manually and click cancel then perhaps they can try add post again?

    Many thanks
    Keith

  4. nintechnet
    Member
    Plugin Author

    Posted 6 months ago #

    When they call the page, they will get a '401 Unauthorized' error code.

    In your HTTP logs, you should see their request + the HTTP error code.

  5. kpawson
    Member
    Posted 6 months ago #

    Yep I see the 401 so that's all good. Have finally stopped it with using CloudFlares page rules, nothing from Snort in over 4 hours now.

    Thanks again for your help and response and one thing good that came from this is that I found your excellent Firewall! Keep up the great work.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.