Title: Authorization attempts
Last modified: February 3, 2022

---

# Authorization attempts

 *  Resolved [duber777](https://wordpress.org/support/users/duber777/)
 * (@duber777)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/authorization-attempts/)
 * Hello.
    The site runs on an IIS web server. Through the IIS management console
   I blocked access to the site’s admin panel to everyone except local IP addresses.
   Why, after these steps, entries with external IP addresses continue to appear
   in the Invalid Authorization Attempts section?

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Support [vupdraft](https://wordpress.org/support/users/vupdraft/)
 * (@vupdraft)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/authorization-attempts/#post-15330392)
 * Hi,
 * Do you mean the “Failed login reports”
    Have you tried Whitelisting the IP’s 
   in the Brute force section? It sounds like your ISS webserver is not filtering
   the IP’s as it should do.
 *  Thread Starter [duber777](https://wordpress.org/support/users/duber777/)
 * (@duber777)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/authorization-attempts/#post-15331468)
 * Yes, I meant it.
    I tried to add IP to the white list, but it does not work. 
   I suppose, due to the fact that I have an IIS web server and there is no .htaccess
   file. Instead, there is a web.config. I also assumed that brute-force goes through
   XML-RPC, but after disabling it, the attacks continued (checked with XML-RPC 
   validator), for the same reason that this plugin function does not support working
   with the IIS web server. Last idea: IIS blocks access only to the wp-admin address,
   but access via wp-login.php remains open. Completely deleted this file from the
   root of the site. After some time, I will return to the place, go to the plugin
   and look “Failed login reports”.
 *  Thread Starter [duber777](https://wordpress.org/support/users/duber777/)
 * (@duber777)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/authorization-attempts/#post-15334084)
 * UPD: Won.
 * After deleting wp-login.php brute force continued.
    After that, I assumed that
   the attack is using the XML-RPC method. In addition to the steps in this article:
   [https://www.bluelightdev.com/wordpress-restrict-access](https://www.bluelightdev.com/wordpress-restrict-access)
   i also denied access to the xmlrpc.php file. After that, for a whole day, not
   a single attempt to guess passwords.
 * Nevertheless, I have a wish to the developers – to add support for IIS web servers
   to the plugin in terms of access restrictions. Of all the other plugins that 
   I have tried, none of them can interact with IIS.
 *  Plugin Support [vupdraft](https://wordpress.org/support/users/vupdraft/)
 * (@vupdraft)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/authorization-attempts/#post-15338651)
 * Hi,
 * I will put a note on our internal board to look at this.
    We are currently moving
   away from the writing rules in the .htaccess to make the plugin more accessible
   for those not using an apache server.
 *  Thread Starter [duber777](https://wordpress.org/support/users/duber777/)
 * (@duber777)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/authorization-attempts/#post-15340026)
 * Hi. Thanks for feedback.
    Keep in touch.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Authorization attempts’ is closed to new replies.

 * ![](https://ps.w.org/all-in-one-wp-security-and-firewall/assets/icon-256x256.
   png?rev=2798307)
 * [All-In-One Security (AIOS) – Security and Firewall](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/)
 * [Active Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/)

 * 5 replies
 * 2 participants
 * Last reply from: [duber777](https://wordpress.org/support/users/duber777/)
 * Last activity: [4 years, 3 months ago](https://wordpress.org/support/topic/authorization-attempts/#post-15340026)
 * Status: resolved