My solution has worked well. Install plugin “WPS Hide Login” and test. If it works, add wp-login.php to Wordfence Options under “Immediately Block IPs That Access…” and you’ll be able to watch all those bots get blocked. If your blocked list gets too cluttered up with that, you can block access to wp-login.php by placing some items into your .htaccess file, again, after you install “WPS Hide Login.”
You can of course use Wordfence to block IPs that attempt to use any username you choose to enter into the Wordfence settings for that, but that’s whack-a-mole compared to the nuclear option described above.
Let us know how it goes. Login attacks are something that should have been totally eliminated years ago by WordPress installing itself with random login access filenames. But alas, it’s up to us to spend hours fiddling around blocking attacks that’ll probably never really breach our websites, but nonetheless use up bandwidth we pay for and clutter up our log files.
Thread Starter
sjo007
(@sjo007)
Many thanks for the reply and the help – much appreciated.
My site is a membership one with about 150 members and there is a Members Login Menu item so I need to check that that plugin will not affect my members logging in.
Each time the bot accesses the site it is with a different IP address which is frustrating. It is just sad that people have little else to do !
Thanks once again for the suggestions.
Best regards,
sjo, you mention country blocking in your first post. In my experience it’s worth paying for if you can do it without limiting your desired human site traffic all too much. You can also find it for free, but rather than trying to get around paying the Wordfence folks for their hard work, perhaps it’s more seemly to just go premium… and it eliminates adding a plugin, always a good thing in our wonderful world of plugins… Some sites need traffic from Ukraine, China and Nigeria, some don’t. If you don’t, blocking them and many others can have an amazing effect on limiting how much bandwidth and time the register bots are taking out of your life. “Experts” will tell you that country blocking is wrong and that hackers just go around it. The experts are wrong. It works, when combined with other strategies of course. MTN
Thread Starter
sjo007
(@sjo007)
Many thanks MTN – I have just bought a premium key and blocked the majority of the countries. Fingers crossed it works – Thanks for the advice.
Best wishes,
Sounds good. If you can country block it can be your first line of defense. I manage a couple of very regional websites that block nearly every country in the world, for a HUGE reduction in bandwidth that would otherwise be stolen by criminals. It’s pretty funny reading about all the idealists who want to “connect the world to the internet.” One has to wonder what all those billions of new internet users are going to use it for? I can easily guess. MTN
Glad you were able to find a solution before I showed up. 🙂 Thanks for the help mountainguy2!
