Hi, are you by any chance using the rename login page feature under Brute Force tab?
Hi,
Thanks for your prompt answer. No, I am using the blacklist manager. There are two options: either block ip addresses which I cannot do because they are all different or block ID which I use because all login attempts use the same name regardless of where they come from.
Hi, can you enable what I mentioned above? See if this works better for you.
Hi,
I did as instructed and so far no failed login was registered so it seems to work. I am going to miss all these visits from all over the world. More seriously the plugin states: “NOTE: If you are hosting your site on WPEngine or a provider which performs server caching, you will need to ask the host support people to NOT cache your renamed login page.”. Why is it so? Anyway I called my host and he said that of course they have a server cache but they could not remove the renamed login page because I have a shared-hosting plan. Is my page being cached a potential problem ?
Just for my understanding is there any particular reason why the “blacklist manager” did not work?
Thanks for your help and good advices.
Best regards
Hi, the Blacklist Manager does work but there are too many IP addresses range that someone can use to try and force their way into your login page. That is why this plugin also has a premium addon to totally block countries. There are many hackers from certain countries that seem to ruin the fun for others. So blocking that country can sometimes fix that issue. Besides some products are only sold locally so they don’t really need to be sold to people in other countries. If you receive intruders from other countries where you don’t do business with then blocking that country makes total sense to me π
Now back to the other question. Caching the login page with a secret word and if captcha is also enabled may cause problems when you try to login. So excluding the login page from caching is a very safe practice and one that will eliminate future head aches π
Let me know if you need more information or help.
Kind regards
-
This reply was modified 9 years, 3 months ago by
mbrsolution.
Hi,
So that everything is perfectly clear to me, one last question concerning the blacklist manager. As I said erlier, in my case I could not use the “enter IP addresses” option because there were so many and I tried to use the “enter user agents” instead. As all failed logins were due to a single “user name” , I thought that simply entering this name in the “enter one or more user agents strings” window was OK. But this did not work at all and I kept recording failed logins. Apparently I misunderstood something? But what?
Thanks a lot for your time and explanations.
Best regards
Hi, I don’t think you did anything wrong. However as per my last comment above there are other means for someone to try and log in. Even though you blocked the name which will help a lot and should block that username totally as long as the username is not already added to your Users.
So in answer to your question.
Apparently I misunderstood something? But what?
As far as I know you did not misunderstood anything. However when it comes to security there is a lot to learn and many options to enable in a website to protect the site from hackers, spammers etc. This is when this great plugin will help you in most of the cases by simply enabling the features available in the plugin. Of course you need to read the information carefully regarding the feature you choose to enable and then you should also test that feature as well.
Let me know if you need more help or information.
Regards
Hi,
No further help needed for this topic. Everything is clear. Thanks a lot for your time and bye for now.
Best regards
You are most welcome π
I will mark this support thread as resolved.
Enjoy the plugin
