WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
How to block/ban immediately if someone uses 'admin' as user ? (8 posts)

  1. alfateam
    Member
    Posted 1 year ago #

    I see 99% of hackers try to use 'admin' as user. I need to instantly block access to login for such tries. How can I do that ? I'am tier to see every morning 100 emails from Wordfance with admin' user trying to hack my site.

    http://wordpress.org/extend/plugins/wordfence/

  2. W.P. Ginfo
    Member
    Posted 1 year ago #

    Perhaps you can write specific rules in .htaccess (in root of this site, not root of all hosted sites!) to prohibit access to certain web visitors (for example, all but you) Example:

    Order Deny,Allow
    Deny from all
    Allow from 111.111.222.333

    Check this out:
    https://httpd.apache.org/docs/2.0/mod/mod_access.html

  3. jwt2030
    Member
    Posted 1 year ago #

    I have an a setup like that blocking 9 countries. my .htaccess is 1mb and i am still getting different countries trying to use admin to log in ever sec to 3 times a sec, under different ips

  4. jwt2030
    Member
    Posted 1 year ago #

    Not many people use admin after they set up their WordPress. There should be a way to block people from ever using this user name.

  5. alfateam
    Member
    Posted 1 year ago #

    I don't see any block rule there based on user 'admin'. All I need is to block each time someone tries 'admin' .

  6. MickeyRoush
    Member
    Posted 1 year ago #

    I believe this plugin stops anyone using the "admin" username:

    http://wordpress.org/plugins/stop-spammer-registrations-plugin/

  7. James
    Member
    Posted 1 year ago #

    Agreed, the option to immediately ban anyone using 'admin' as an attempted username would be good? Presumably no-one uses 'admin' as their admin login name do they? So it's just the brute force attacks that try it, so surely then an ideal indication of an IP address that should be blocked straight away. No?

    On the other hand, there is the 'immediately block IP using a username that doesn't exist' option (paraphrasing, but it's called something like that). That immediately blocks IP trying their luck with an admin login for me as I have no user called admin. So maybe that is the solution?

    Regards, James

  8. RobinInTexas
    Member
    Posted 1 year ago #

    In the Wordfence options

    Login Security Options
    Immediately lock out invalid usernames

    is already there. If you don't have an admin user there's no feature needed.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.