Title: Attacks
Last modified: August 30, 2016

---

# Attacks

 *  [scottkr24](https://wordpress.org/support/users/scottkr24/)
 * (@scottkr24)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/)
 * For the past few days pretty much all day long three of my WP sites are being
   attacked. I have more than 3 WP sites but the 3 are the ones being attacked the
   most. Constant emails WF is sending me to let me know. I go into WF and see the
   IP that’s doing it and it says that WF blocked it then I do Permanent Block.
   
   What the heck is going on? This is getting crazy and taking time away from other
   tasks.
 * [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/)

Viewing 14 replies - 1 through 14 (of 14 total)

 *  [themadproducer](https://wordpress.org/support/users/themadproducer/)
 * (@themadproducer)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637564)
 * [@scottkr24](https://wordpress.org/support/users/scottkr24/)
   I think I’ve made a new nickname for this. **RBFA** Relentless Brute Force Attack.
   Especially when a single IP BOT is trying to access wp-login.php and is being
   blocked by WF yet continues to try like an idiot.
 * You should change the notification frequency of WF.
   Believe me, I can relate. Recently, I literally spent 2 solid weeks night and
   day, testing security options to deal with this relentless type of hammering.
   WF has really helped. [https://wordpress.org/support/topic/3000-brute-force-attack-single-blocked-ip-503?replies=14](https://wordpress.org/support/topic/3000-brute-force-attack-single-blocked-ip-503?replies=14)
 *  [gilbodavid](https://wordpress.org/support/users/gilbodavid/)
 * (@gilbodavid)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637578)
 * Actually they can get in. I’ve just had it happen to me. They’ve got in past
   Wordfence, duo and /wp-admin changing plugin, and are presently doing what they
   like in my main site. Nightmare.
 *  Plugin Author [WFMattR](https://wordpress.org/support/users/wfmattr/)
 * (@wfmattr)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637592)
 * [@scottkr24](https://wordpress.org/support/users/scottkr24/): The suggestion 
   from themadproducer is usually helpful, to reduce mail volume — you don’t always
   need to block every IP manually, but it can help if the same IPs keep coming 
   back. You can also set the amount of allowed attempts lower, if you want them
   to be locked out sooner, as long as it’s not too low for yourself (in case of
   typos) or if you have anyone else log in on your site. Most attackers will give
   up after a while, but some do go on for quite a long time.
 * [@themadproducer](https://wordpress.org/support/users/themadproducer/): Thanks
   for pitching in again!
 * [@gilbodavid](https://wordpress.org/support/users/gilbodavid/): Sorry to hear
   about the hack — if they got past Wordfence and you didn’t have a simple password
   like “password” that they may guess on the first attempt, there is likely another
   method. Sometimes it is an FTP or hosting account password, outdated plugins 
   or WordPress version, or another site in the same hosting account that is out
   of date. (Even other sites like Joomla or Drupal with outdated software can cause
   a cross-infection, if they’re on the same hosting account.) It may also help 
   to review our guide here: [How do I clean my hacked site using Wordfence](http://docs.wordfence.com/en/How_do_I_clean_my_hacked_site_using_Wordfence%3F)
 * -Matt R
 *  Thread Starter [scottkr24](https://wordpress.org/support/users/scottkr24/)
 * (@scottkr24)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637594)
 * [@wfmattr](https://wordpress.org/support/users/wfmattr/)
 * You said “You can also set the amount of allowed attempts lower, if you want
   them to be locked out sooner.”
   Where do I find this setting?
 *  [themadproducer](https://wordpress.org/support/users/themadproducer/)
 * (@themadproducer)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637598)
 * OPTIONS>Login Security Options
 * My settings are aggressive…
 * Lock out after how many login failures… 3
 * Lock out after how many forgot password attempts… 3
 * Count failures over what time period… 1 day
 * Amount of time a user is locked out… 30 days
 *  Thread Starter [scottkr24](https://wordpress.org/support/users/scottkr24/)
 * (@scottkr24)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637599)
 * You heard of this plugin?
   [https://wordpress.org/plugins/wp-cerber/](https://wordpress.org/plugins/wp-cerber/)
   And if so, will it have any effect on WF not doing its job?
 *  Thread Starter [scottkr24](https://wordpress.org/support/users/scottkr24/)
 * (@scottkr24)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637601)
 * Mine by default is set to
 * Lock out after how many login failures: 1
 * Lock out after how many forgot password attempts: 1
 * Count failures over what time period: 5 minutes
 * Amount of time a user is locked out: 5 minutes
 *  [themadproducer](https://wordpress.org/support/users/themadproducer/)
 * (@themadproducer)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637607)
 * If I might suggest…
   Hey, why not 2 or 3 login/password failures in case of a typo during login!
   That’s less of a hassle for you or your bloggers and adds no weakness to the
   login protection scheme.
 * The COUNT FAILURES setting only pertains if login failures are set greater than
   1 so it actually doesn’t even come into play with your current scheme.
 * If you do raise FAILURES to 3 or more, then increase the lockout time. It stands
   to reason that after 3 failed login attempts, something suspicious is going on
   and it’s probably not you, (so why allow more frequent attempts), and even if
   it was you…you automatically get that brilliant WF blocking page that allows 
   you to reset the failed attempts by entering your WF admin email address.
 *  Thread Starter [scottkr24](https://wordpress.org/support/users/scottkr24/)
 * (@scottkr24)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637612)
 * So you’re saying I should change it from this
 * Lock out after how many login failures: 1
 * Lock out after how many forgot password attempts: 1
 * Count failures over what time period: 5 minutes
 * Amount of time a user is locked out: 5 minutes
 * To this
 * Lock out after how many login failures: 2
 * Lock out after how many forgot password attempts: 3
 * Count failures over what time period: 5 minutes
 * Amount of time a user is locked out: 5 minutes
 *  Thread Starter [scottkr24](https://wordpress.org/support/users/scottkr24/)
 * (@scottkr24)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637614)
 * You heard of this plugin?
 * [https://wordpress.org/plugins/wp-cerber/](https://wordpress.org/plugins/wp-cerber/)
 * wonder if it will work in tandem with WF w/o any issues?
 *  [themadproducer](https://wordpress.org/support/users/themadproducer/)
 * (@themadproducer)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637615)
 * This is what I recommend…
 * Lock out after how many login failures 3-5… (gives a human a reasonable amount
   of attempts without allowing bad BOTs too many opportunities)
 * Lock out after how many forgot password attempts 3-5… (same reason as above)
 * Count failures over what time period… 1-24hrs (I like 24hrs because if it’s a
   brute force attack, it can last for many hours, so this keeps all the WF operations
   and notifications down to a minimum….perhaps reducing server load)
 * Amount of time a user is locked out… 1 day or more (for the same reason as above)
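
An added example, not part of the thread and not Wordfence's code: a simplified Python model of the lockout settings discussed above, run against constructed traffic from a single bot IP, comparing how many password guesses each combination lets through. The lockout semantics, the names `simulate` and `compare`, and the traffic pattern are assumptions made for illustration.

```python
from collections import deque


def simulate(attempt_times, max_failures, window_s, lockout_s):
    """Return (guesses_evaluated, requests_blocked) for one source IP.

    Simplified model (an assumption, not Wordfence's implementation): every
    attempt is a failed login; once `max_failures` failures fall inside
    `window_s`, the IP is locked out for `lockout_s`, and attempts made
    during the lockout are rejected without the password being checked.
    """
    recent = deque()      # failure timestamps still inside the count window
    locked_until = -1
    evaluated = blocked = 0
    for t in attempt_times:
        if t < locked_until:
            blocked += 1
            continue
        evaluated += 1
        recent.append(t)
        # Forget failures that have aged out of the count window.
        while recent and recent[0] <= t - window_s:
            recent.popleft()
        if len(recent) >= max_failures:
            locked_until = t + lockout_s
            recent.clear()
    return evaluated, blocked


MIN, DAY = 60, 86400
# Constructed traffic: one bot IP retrying every 10 seconds for 24 hours.
BOT = list(range(0, DAY, 10))

# (failures before lockout, count window, lockout duration), values from the thread.
POLICIES = {
    "1 failure / 5 min window / 5 min lockout": (1, 5 * MIN, 5 * MIN),
    "3 failures / 1 day window / 30 day lockout": (3, DAY, 30 * DAY),
    "3 failures / 5 min window / 5 min lockout": (3, 5 * MIN, 5 * MIN),
}


def compare(attempts=BOT):
    return {name: simulate(attempts, *p) for name, p in POLICIES.items()}


if __name__ == "__main__":
    for name, (ok, blocked) in compare().items():
        print(f"{name}: {ok} guesses evaluated, {blocked} blocked")
```

In this model a short lockout keeps re-admitting the same IP, and raising the failure count without lengthening the lockout lets more guesses through, which matches the advice in the replies above.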
 *  Thread Starter [scottkr24](https://wordpress.org/support/users/scottkr24/)
 * (@scottkr24)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637616)
 * I changed the PW from the WP Admin that generates it on its own since you’re
   not able to enter your own anymore.
   So now I can’t even get into the site because I get this…
 * You are temporarily locked out
   You have been temporarily locked out of this system. This means that you will
   not be able to sign-in or use several other features that may compromise security.
   Please try back in a short while.
 * Under this message you enter your email address and it sends you a message for
   logging in if you’ve been locked out. So I enter my UN and the new PW and the
   same thing happens a 2nd and 3rd time. Never lets me back in.
 * Now what? I didn’t change anything in WF.
 *  [themadproducer](https://wordpress.org/support/users/themadproducer/)
 * (@themadproducer)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637617)
 * WP Cerber?
   First time I’ve heard of it. If the black/white/list is not htaccess based or
   similar, then it’s probably redundant to the offerings of WF.
 * In WF, you can blacklist or ban access to specific files like wp-login.php but
   also then whitelist your IP. Same difference.
 * Briefly reading their opening description, they mention creating a custom login
   page different than the default wp-login.php. In my recent testing, I found this
   to be practically useless. Why? Stupid (old or poorly coded) bots will keep
   **taxing the server** with requests for the default file even if it doesn’t exist.
   There’s no hack attempt but it keeps knocking on the door.
 * By keeping the default location and trusting WF to do its job, then you get
   the benefit of the report statistics and notifications when that file has been
   blocked from an attack.
 *  Thread Starter [scottkr24](https://wordpress.org/support/users/scottkr24/)
 * (@scottkr24)
 * [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637621)
 * Ignore my message about being locked out. I’m in now.
 * About WP Cerber, Ok.

The topic ‘Attacks’ is closed to new replies.

 * 14 replies
 * 4 participants
 * Last reply from: [scottkr24](https://wordpress.org/support/users/scottkr24/)
 * Last activity: [10 years, 7 months ago](https://wordpress.org/support/topic/attacks/#post-6637621)
 * Status: not resolved