Title: Attack? Last modified: April 19, 2018 --- # Attack? * Resolved [wpprup](https://wordpress.org/support/users/wppraesenz/) * (@wppraesenz) * [8 years, 1 month ago](https://wordpress.org/support/topic/attack-3/) * Hello, me again, obviously I am in a bad luck now. Having installed NF I had two registrations as users in my admin! Never before in all these years. One after another, in between them I changed the password (a really secure one). Despite that – and despite NF, they got into my account! * There was an email adress as username but no user roll set (admin, author etc.). What do you suggest, this “Brute Force Attack” setting or even “Always On”? What are the disadvantages of this? And what do I write into “User” and “Password”, a second, totally new one and is this the one I have to use for my regular login? Or only when I cannot login myself? Sorry for all these questions, but this alien attack is not so funny… Thanks for help! - This topic was modified 8 years, 1 month ago by [wpprup](https://wordpress.org/support/users/wppraesenz/). * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fattack-3%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 6 replies - 1 through 6 (of 6 total) * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [8 years, 1 month ago](https://wordpress.org/support/topic/attack-3/#post-10199416) * Hi * > There was an email adress as username but no user roll set (admin, author etc.). * Did you receive an alert from NF? Do you see anything in the firewall log (search for “Blocked privilege escalation”)? * To protect the admin: 1. Set the Login Protection to “Always on. 2. Create a username and password. DONT USE your admin login/password, create a NEW ONE, just for the login protection. * When you will want to log in, you will get the brute-force protection page first: * Enter you brute-force protection login/password, and then you will be redirected to the WP login page where you can enter your WP admin name and password. * Thread Starter [wpprup](https://wordpress.org/support/users/wppraesenz/) * (@wppraesenz) * [8 years, 1 month ago](https://wordpress.org/support/topic/attack-3/#post-10199704) * Thank you very much again. A member of a WP forum had the brilliant idea that it could be the newsletter pop up plugin! The email address a subscriber inserted was transformed into a user account in the admin!! ?? (I am using the plugin for months and this did not happen.) How this can happen I really do not know and I will contact the plugin support. Yes, NF informed me per mail that the entries happened. But shouldn´t it stop such a process? * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [8 years, 1 month ago](https://wordpress.org/support/topic/attack-3/#post-10200909) * NinjaFirewall blocks privilege escalation attempts (that’s why your user has no role, it was blocked), but it does not block account creation because many plugins must be able to create account. But because the account has no role, it cannot do anything, it is harmless. * > How this can happen I really do not know * It looks like you may have a vulnerability, and you see it now because NF blocked the attempt. * > NF informed me per mail that the entries happened. * Can you post the notification here? * Thread Starter [wpprup](https://wordpress.org/support/users/wppraesenz/) * (@wppraesenz) * [8 years, 1 month ago](https://wordpress.org/support/topic/attack-3/#post-10201089) * I have contact with the support of the plugin. The settings of the silders in question were: Set user role for subscriber: “none”. * The NF notification (anonym.): (engl. New user registration on your website) * “Neue Benutzerregistrierung auf deiner Website PraeSenZ: * Benutzername: [xyz@gmx.net](https://wordpress.org/support/topic/attack-3/xyz@gmx.net?output_format=md) * E-Mail: [xyz@gmx.net](https://wordpress.org/support/topic/attack-3/xyz@gmx.net?output_format=md)” * That I see the vulnerability above all is much more caused by seeing the new users in my account… 😉 Thanks. * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [8 years, 1 month ago](https://wordpress.org/support/topic/attack-3/#post-10201760) * Indeed, the notification you received is not related to NF privilege escalation protection, that’s a good news. * Thread Starter [wpprup](https://wordpress.org/support/users/wppraesenz/) * (@wppraesenz) * [8 years, 1 month ago](https://wordpress.org/support/topic/attack-3/#post-10210399) * Thanks for your support. There is/was obviously a bug in this convertplus plugin. pooh… 😉 Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Attack?’ is closed to new replies. * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137) * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/) * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/) ## Tags * [attack](https://wordpress.org/support/topic-tag/attack/) * 6 replies * 2 participants * Last reply from: [wpprup](https://wordpress.org/support/users/wppraesenz/) * Last activity: [8 years, 1 month ago](https://wordpress.org/support/topic/attack-3/#post-10210399) * Status: resolved