BEST PRACTICE: Attack

  • CamZL1

    (@danishhaidri)


    6 years, 8 months ago

    I had 1,494 recorded attempts using different usernames coming from the same IP. Thank god WF blocked them. However how do i prevent this from happening again? more importantly how can i prevent this block to activate before 1,494 attempts? Is there a control for this?

    Second part of the question is; is there any body that regulates this? Can we report this to someone so others don’t get effected?

    • This topic was modified 6 years, 8 months ago by CamZL1.
Viewing 6 replies - 1 through 6 (of 6 total)
  • retrochansmith

    (@retrochansmith)

    6 years, 8 months ago

    I have been having this too. I am not sure if these are real attacks or just showing up in the list or not. I have a new website that is very small and low viewers because it’s new. Not sure what is going on. I even had attacks today. It has even shown attacks from the same server localhost.

    Thread Starter CamZL1

    (@danishhaidri)

    6 years, 8 months ago

    Hello @Wordfence can you please reply.

    Thread Starter CamZL1

    (@danishhaidri)

    6 years, 8 months ago

    CAN ANYONE FROM WORDFENCE ANSWER THE QUESTION!!!!!

    WFGerroald

    (@wfgerald)

    6 years, 8 months ago

    Hey @danishhaidri,

    This sounds like a brute force attack. It also seems like Wordfence is blocking them, but it will continue to record the attempts. There’s only so much we can do to prevent attacks; it’s more about making sure they aren’t successful, which it sounds like Wordfence is doing.

    Please let me know if you have any other questions.

    Thanks,

    Gerroald

    Thread Starter CamZL1

    (@danishhaidri)

    6 years, 7 months ago

    @wfgerald I agree that WF has blocked the attack!! However are there any best-practice brute-force settings that i can use to ensure that all time-out settings and blocks are correctly configured?

    Plugin Support wfscott

    (@wfscott)

    6 years, 6 months ago

    @danishhaidri

    Sorry for the delay in responses.

    As far as best practice Brute Force settings, I recommend using strict settings in a case like this, such as 3 login attempts, 1 or 2 password resets attempts, counted over 1+ hours, and a lockout of 30+ minutes. In the case where there was a high number of attempts like you mentioned, this should thwart these occurrences — between the settings, and using a strong password and ideally 2FA.

    Let us know if you have any other questions.

    Scott

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘BEST PRACTICE: Attack’ is closed to new replies.

Tags