Ban Users ; Failed Login Records
-
Hi,
Is there a way to automatically permanently add IP(s) under Blacklist Manager that fall under Failed Login Records?
I frequently have been seeing a lot of failed login attempts (all not legitimate as I have whitelisted the IPs that can access my wordpress admin site under Login Lockdown IP Whitelist Settings) at my website.
At the moment, I just made a policy under Login Lockdown Options to
– Max Login Attempts = 1
– Login Retry Time Period (min) = 10080
– Time Length of Lockout (min) = 131400
– Display Generic Error Message
– Instantly Lockout Invalid UsernamesBut in doing so, only gives them temporary blocking of my wordpress admin site, but not the site itself which I would want to do.
-
Hi,
Thank you for reaching out to us.
Is there a way to automatically permanently add IP(s) under Blacklist Manager that fall under Failed Login Records?
The plugin developers will investigate further your request.
I frequently have been seeing a lot of failed login attempts (all not legitimate as I have whitelisted the IPs that can access my wordpress admin site under Login Lockdown IP Whitelist Settings) at my website.
Do you have the Rename Login Page brute force feature enabled?
Do you have one of the following features also enabled in your site? They are located in WP Security -> Firewall -> Basic Firewall Rules -> WordPress XMLRPC & Pingback Vulnerability Protection.
Option1 = Completely Block Access To XMLRPC:
Option2 = Disable Pingback Functionality From XMLRPC:These features can help reduce the amount of login attempts to your site substantially.
Kind regards
Hi there,
I have not changed the Rename Login Page Settings yet.
Regarding options to try, here are already the existing settings under my Firewall prior to posting.
Basic Firewall Rules – all enabled
Additional Firewall Rules – all enabled
6G Blacklist Firewall Rules – checked 6G
Internet Bots – unchecked blocking of fake Googlebots (my SEO complained that my site traffic went down heavily)
Prevent Hotlinks – enabled
404 Detection – enabled ; Timeout 600 mins ; Lockout Redirect URL : http://localhostFor reference, here are my Login Lockdown settings
Unlock Requests – disablde
Max Login Attempts – 1
Login Retry – 10080 mins
Time of Lockout – 131400 mins
Display Generic Error Message – enabled
Instantly Lockout Invalid Usernames – enabled
Instantly Lockout Specific Usernames – (admin; test; etc)
Notify By Email – my email addI’ve even enabled Google reCAPTCHA and enabled all options under Login Captcha.
So far, given that setup, I am still getting quite a lot new IPs (under Failed Login Records) almost every minute which are random IPs that are not my target audiences (ex: Russia, Ukraine, Germany, etc).
Another question is…
Since there is a Login Whitelist option already, is it possible to block all IPs (0.0.0.0 or *) accessing my WP Login page. That way, WP Login will only be accessible only on whitelisted IPs?
The topic ‘Ban Users ; Failed Login Records’ is closed to new replies.
