WordPress.org

Ready to get started?Download WordPress

Forums

The "admin" login ... (9 posts)

  1. jeffbot
    Member
    Posted 1 year ago #

    Hi folks,

    I've recently noticed an increase in the number of attempted brute-force logins on wp sites I manage. Most, if not all, try username | admin | and then try passwords.

    I don't have a user named admin (of course) and I've added security plugins/beefed up all pws.

    I've been looking for a way, though, to instantly block any further login attempts from anyone trying to use |admin| as a user name? Like, one strike and out. I haven't come up with anything. Any thoughts or help? Thanks.

  2. catacaustic
    Member
    Posted 1 year ago #

    I know that Wordfence has an option that blocks any IP that attempts to logs in with a non-existant username. That may or may not be compatible with the plugins that you're alreayd uisng. One word of advice though... Security plugins are a little bit like anti-virus programs on your PC. Anything more then one will cause problems at some time so it's best to choose one that will do what you want it to rather then have two, three or more that are all competing to do the same thing.

  3. jeffbot
    Member
    Posted 1 year ago #

    I actually only added one security plugin per site ... testing to see what I like best. ;) I had not run across Wordfence though ... will go look. Thanks for that.

    It just seemed to me that someone MUST have, once looked at all those attempts coming in as "admin" and said, "I'm gonna really fix that." But maybe not the way I was thinking. Or maybe it's harder than I was thinking ... seemed to me that somehow: IF user=admin and pw=anything, THEN destroy ... well, that seemed like a good if/then ...

  4. webvitaly
    Member
    Posted 1 year ago #

    Try Limit Login Attempts. It gives only few tries to login from same IP.

  5. jeffbot
    Member
    Posted 1 year ago #

    I'm currently liking Login Security Solution .

    Though I'd still rather be able to instantly toast anyone who tried the admin login.

  6. nickzee
    Member
    Posted 1 year ago #

    I've also been getting hammered by login attempts the past week.

    For all my websites, I create a new admin user, and then delete the default "admin" profile.

    Then in Wordfence check the box that automatically locks out invalid user names.

    You can also block an IP range in Advanced Blocking. Just copy the IP that was blocked, remove the last number and add a 0 and 255. Like this,
    198.144.96.0 - 198.144.127.255

  7. CoachMag
    Member
    Posted 1 year ago #

    My sites have been getting hit really hard as well.
    I'm using Wordfence on all. And although nickzee is right, I could block out whole IP ranges, I fear at this rate I'll have half the globe blocked out in no time.

    As an extra layer of security, I've also been blocking these IP's through cPanel's "IP Deny Manager". But I have to add to this list daily, sometimes dozens of IP's per day, as more and more new baddies crop up. It works, but it's very time consuming to do this for several websites.

    What I find strange is one of the sites is a new domain (few weeks old), and that site hasn't even gone live yet. It's just got an Ultimate Coming Soon plugin page as a placeholder to the public view. How'd the attackers find it already?

    Will be following this thread as I'd like an easier way to deal with this issue, too.

  8. jeffbot
    Member
    Posted 1 year ago #

    I know these attacks have been going on forever. But either it only caught up to me in the last few months or they've become ubiquitous. I have three or four sites that get hit at least once a week, and they are hosted on different servers.

  9. esmi
    Forum Moderator
    Posted 1 year ago #

    I know these attacks have been going on forever.

    There appears to have been a major upsurge in the number and size of attacks in the last couple of days - judging by some of the posts I'm seeing across the forums. In some cases, hosting companies are struggling to cope with major attacks across their networks.

Topic Closed

This topic has been closed to new replies.

About this Topic