Unusually high blocked logins attempts

  • Resolved josiegamble

    (@josiegamble)


    7 years, 11 months ago

    Hi there,
    I use the free wordfence security plugin on a lot of sites I’ve built for clients, however one site inparticular is getting a very very high amount of blocked login attempts. The site has a very strong password and username but it’s concerning that the site has had over 500 blocked login attempts in the last month. I have set the setting to limit login attempt to 5.
    Should I be concerned? Is there anything I can do to stop these login attempts. This site has s woo commerse shop in it, does that make it more of a target than other sites?

    regards
    Josie

    https://wordpress.org/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • wflandon

    (@wflandon)

    7 years, 11 months ago

    Hi josiegamble,

    I have not seen any sites targeted because of Woocommerce specifically. However, anytime there is a plugin with known vulnerabilities it will attract a lot more attention to the site. I would just confirm everything is up to date and there isn’t any installed plugins with known vulnerabilities. Including inactive plugins! It sounds like you have tighten your security settings which is good. You might look at the Advanced Blocking page if you see any patterns to the attacks. However, once you are on their list, you could be on that list for a while. At least until they figure out its a lost cause and move on.

    Hope that helps.

    mountainguy2

    (@mountainguy2)

    7 years, 11 months ago

    Obfuscate and be done with it, there are way more important things than dealing with criminals trying to brute force your login and using up all that bandwidth. Install plugin “WPS Hide Login.”

    Login obfuscation should be built into WordPress core, but of course the WordPress developers are more concerned with things like how the edit screen looks than with totally obvious security fixes for things that have literally been going on for years, so we have to do it ourselves.

    MTN

    wflandon

    (@wflandon)

    7 years, 11 months ago

    We have gotten requests to add that as a feature. I am not sure it is officially on the roadmap. However, there are quite a few plugins that hide / move the login, as mountainguy2 mentioned, and work well with Wordfence.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Unusually high blocked logins attempts’ is closed to new replies.