Are you seeing this with WordFence?
I had the same issue, but the attacks were made through xmlrpc.php
. If you don’t use RPC, add this to .htaccess:
# XMLRPC Vulnerability protection
<Files xmlrpc.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
Also, there are plugins which block XMLRPC.
@ivanrf
I’m using Limit Login Attempts and get an email if somebody tries to login with wrong credentials.
I think that XMLRPC is used by the WP Android App, if I block it, it will block me as well. But if it continues, I will change the .htaccess.
Thanks for code!!!
@ivanrf
I just get a message that the IP 212.192.196.6 was blocked. In my access log I found this entry:
212.192.196.6 – – [29/Feb/2016:15:36:30 +0100] “POST /xmlrpc.php HTTP/1.0” 200 64087 “-” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0”
So xmlrpc is the way they take…