Brute Force Attacks

  • christkind

    (@christkind)


    10 years ago

    Hello,

    on my website http://www.klessath.de I have the plugin Theme My Login 6.4.4 in use. I am very happy with it.

    For about 2 months, my site is constantly attacked by brute force attacks. In the plug-in security settings I have the file wp-login.php disabled and the login attempts per hour to 3 limits per hour (blocking 12 hours).

    Nevertheless, the attacks do not stop. I have now collected information in WordPress forums and other WordPress technical papers. There various advice is given. U. a. Recommends to set secure passwords that 2-way authentication with the Google Authenticator or a password using the .htaccess file.

    Other approaches are to move WordPress into a subdirectory or disable the XML-RPC interface, in order to eliminate attack surface.

    Before I do that, I want to know how the plugin “Theme My Login” in harmony with it. I would be delighted to receive professional guidance and advice from you.

    Thank you.

    https://wordpress.org/plugins/theme-my-login/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Jeff Farthing

    (@jfarthing84)

    10 years ago

    I’m not excatly sure of what you’re asking…

    Mike

    (@thewordpressdude)

    10 years ago

    christkind,
    You might want to check out WordFence at https://wordpress.org/plugins/wordfence/. You can block attackers and even disable them from accessing your site by their IP number. It’s worked well fur us.
    Thanks,
    Mike

    Thread Starter christkind

    (@christkind)

    10 years ago

    @mike: Thanks for your tip. On my system, the XML-RPC API was attacked. Meanwhile I have found a solution. I have this API disabled with the WP-Plugin “Disable XML-RPC”.The attacks have ceased.

    @jeff: I just wanted to know how TML responded to the 2-way authentication with the Google Authenticator and a password using into the .htaccess file, or disabling the XML-RPC file.

    Plugin Author Jeff Farthing

    (@jfarthing84)

    10 years ago

    I wouldn’t know. Do let us know if it works for you.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Brute Force Attacks’ is closed to new replies.