Title: Brute Force Attacks Last modified: August 31, 2016 --- # Brute Force Attacks * [christkind](https://wordpress.org/support/users/christkind/) * (@christkind) * [10 years ago](https://wordpress.org/support/topic/brute-force-attacks-12/) * Hello, * on my website [http://www.klessath.de](http://www.klessath.de) I have the plugin Theme My Login 6.4.4 in use. I am very happy with it. * For about 2 months, my site is constantly attacked by brute force attacks. In the plug-in security settings I have the file wp-login.php disabled and the login attempts per hour to 3 limits per hour (blocking 12 hours). * Nevertheless, the attacks do not stop. I have now collected information in WordPress forums and other WordPress technical papers. There various advice is given. U. a. Recommends to set secure passwords that 2-way authentication with the Google Authenticator or a password using the .htaccess file. * Other approaches are to move WordPress into a subdirectory or disable the XML- RPC interface, in order to eliminate attack surface. * Before I do that, I want to know how the plugin “Theme My Login” in harmony with it. I would be delighted to receive professional guidance and advice from you. * Thank you. * [https://wordpress.org/plugins/theme-my-login/](https://wordpress.org/plugins/theme-my-login/) Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/) * (@jfarthing84) * [10 years ago](https://wordpress.org/support/topic/brute-force-attacks-12/#post-7324874) * I’m not excatly sure of what you’re asking… * [Mike](https://wordpress.org/support/users/thewordpressdude/) * (@thewordpressdude) * [10 years ago](https://wordpress.org/support/topic/brute-force-attacks-12/#post-7324888) * christkind, You might want to check out WordFence at [https://wordpress.org/plugins/wordfence/](https://wordpress.org/plugins/wordfence/). You can block attackers and even disable them from accessing your site by their IP number. It’s worked well fur us. Thanks, Mike * Thread Starter [christkind](https://wordpress.org/support/users/christkind/) * (@christkind) * [10 years ago](https://wordpress.org/support/topic/brute-force-attacks-12/#post-7324893) * **[@mike](https://wordpress.org/support/users/mike/):** Thanks for your tip. On my system, the XML-RPC API was attacked. Meanwhile I have found a solution. I have this API disabled with the WP-Plugin [“Disable XML-RPC”](https://de.wordpress.org/plugins/disable-xml-rpc/). The attacks have ceased. * **[@jeff](https://wordpress.org/support/users/jeff/):** I just wanted to know how TML responded to the 2-way authentication with the Google Authenticator and a password using into the .htaccess file, or disabling the XML-RPC file. * Plugin Author [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/) * (@jfarthing84) * [10 years ago](https://wordpress.org/support/topic/brute-force-attacks-12/#post-7324902) * I wouldn’t know. Do let us know if it works for you. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Brute Force Attacks’ is closed to new replies. * ![](https://ps.w.org/theme-my-login/assets/icon-256x256.png?rev=1891232) * [Theme My Login](https://wordpress.org/plugins/theme-my-login/) * [Frequently Asked Questions](https://wordpress.org/plugins/theme-my-login/#faq) * [Support Threads](https://wordpress.org/support/plugin/theme-my-login/) * [Active Topics](https://wordpress.org/support/plugin/theme-my-login/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/theme-my-login/unresolved/) * [Reviews](https://wordpress.org/support/plugin/theme-my-login/reviews/) ## Tags * [brute force attacks](https://wordpress.org/support/topic-tag/brute-force-attacks/) * 4 replies * 3 participants * Last reply from: [Jeff Farthing](https://wordpress.org/support/users/jfarthing84/) * Last activity: [10 years ago](https://wordpress.org/support/topic/brute-force-attacks-12/#post-7324902) * Status: not resolved