Support » Plugin: iThemes Security (formerly Better WP Security) » Bad Login attempts, All Lockouts – more info needed

Viewing 3 replies - 1 through 3 (of 3 total)
  • Craig Hesser


    I have the same request as sgb02, but I also need some more information on what is reported now:

    In a few instances, I get a report on the “Bad Login Attempts” that the Username Attempted was “username”. Does this mean that the attempted highjacker was successful in finding the username for the site? Or does it mean that the highjacker used the term “username” instead of (for example) the term “admin” or “administrator”?

    I have some pretty complex user names (all dark green on the username scale), and I would be surprised if a highjacker were successful in finding that, but not the password.



    Good suggestions. Hope the developer will see this page.

    Craig Hesser


    Hi sgb02,

    I think there is a way to do part of what you want to do.

    If you set the maximum number of bad logins before a viewer is black-listed to 1, but then set the lockout time at a very low number, the blacklist report will give you the IP address of the offending attempt, but won’t lock you out for very long if you accidentally hit the wrong key while logging in.

    You would have to go through the list and use the manual lockout list to get rid of the bad guys. A little more work, but more information.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Bad Login attempts, All Lockouts – more info needed’ is closed to new replies.