• Resolved pakalolo1974

    (@pakalolo1974)


    I’m using the All-In-One Security (AIOS) – Security and Firewall plugin for my website. For two weeks my website has been under a brute force login attack; in fact I’m receiving more than 80/100 notification emails every day about IP addresses locked for failed logins.
    I’m wondering how it is possible that they can insert their codes in my login page, because it was hidden before with “rename of login page” and later by activating “the Cookie-based brute force feature” (together they don’t work because they create access problems, so I’m using just the last one).

    My questions are:

    1) Is it a problem of the All-In-One Security (AIOS) – Security and Firewall plugin that I cannot completely hide access to my login page?

    2) How do they get to the login page to enter their username and password if my login page should not be accessible with the Cookie-based brute force feature? They have always used “common” user names, easy to lock their IP addresses, but today they used my real login user. How do they do it? Fortunately they were blocked because the password was incorrect, but I can’t change my login user every day now, so what should I do?

    3) Is there any other method or other plugin to definitely block the possibility of accessing the login page to enter login codes?

    4) Below I send you my stack trace, hoping that it could be useful to understand better what is happening on my website, because I don’t understand too much about it. If you need more info I’m at your disposal, so thank you in advance for your help and any advice you can give me.

    Stack trace
    
    array(19) {
    [0]=>
    array(6) {
    ["file"]=>
    string(68) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/class-wp-hook.php"
    ["line"]=>
    int(308)
    ["function"]=>
    string(12) "record_event"
    ["class"]=>
    string(33) "AIOWPSecurity_Audit_Event_Handler"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(4) {
    [0]=>
    string(12) "failed_login"
    [1]=>
    array(1) {
    ["failed_login"]=>
    array(3) {
    ["imported"]=>
    bool(false)
    ["username"]=>
    string(10) "marcoadmin"
    ["known"]=>
    bool(true)
    }
    }
    [2]=>
    string(7) "warning"
    [3]=>
    string(10) "marcoadmin"
    }
    }
    [1]=>
    array(6) {
    ["file"]=>
    string(68) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/class-wp-hook.php"
    ["line"]=>
    int(332)
    ["function"]=>
    string(13) "apply_filters"
    ["class"]=>
    string(7) "WP_Hook"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(2) {
    [0]=>
    string(0) ""
    [1]=>
    array(4) {
    [0]=>
    string(12) "failed_login"
    [1]=>
    array(1) {
    ["failed_login"]=>
    array(3) {
    ["imported"]=>
    bool(false)
    ["username"]=>
    string(10) "marcoadmin"
    ["known"]=>
    bool(true)
    }
    }
    [2]=>
    string(7) "warning"
    [3]=>
    string(10) "marcoadmin"
    }
    }
    }
    [2]=>
    array(6) {
    ["file"]=>
    string(61) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/plugin.php"
    ["line"]=>
    int(517)
    ["function"]=>
    string(9) "do_action"
    ["class"]=>
    string(7) "WP_Hook"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(1) {
    [0]=>
    string(0) ""
    }
    }
    [3]=>
    array(4) {
    ["file"]=>
    string(130) "/web/htdocs/www.MYWEBSITE.com/home/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-audit-events.php"
    ["line"]=>
    int(334)
    ["function"]=>
    string(9) "do_action"
    ["args"]=>
    array(5) {
    [0]=>
    string(19) "aiowps_record_event"
    [1]=>
    string(12) "failed_login"
    [2]=>
    array(1) {
    ["failed_login"]=>
    array(3) {
    ["imported"]=>
    bool(false)
    ["username"]=>
    string(10) "marcoadmin"
    ["known"]=>
    bool(true)
    }
    }
    [3]=>
    string(7) "warning"
    [4]=>
    string(10) "marcoadmin"
    }
    }
    [4]=>
    array(6) {
    ["file"]=>
    string(128) "/web/htdocs/www.MYWEBSITE.com/home/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-user-login.php"
    ["line"]=>
    int(196)
    ["function"]=>
    string(18) "event_failed_login"
    ["class"]=>
    string(26) "AIOWPSecurity_Audit_Events"
    ["type"]=>
    string(2) "::"
    ["args"]=>
    array(1) {
    [0]=>
    string(10) "marcoadmin"
    }
    }
    [5]=>
    array(6) {
    ["file"]=>
    string(68) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/class-wp-hook.php"
    ["line"]=>
    int(308)
    ["function"]=>
    string(17) "post_authenticate"
    ["class"]=>
    string(24) "AIOWPSecurity_User_Login"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(1) {
    [0]=>
    string(8) "WP_Error"
    }
    }
    [6]=>
    array(6) {
    ["file"]=>
    string(61) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/plugin.php"
    ["line"]=>
    int(205)
    ["function"]=>
    string(13) "apply_filters"
    ["class"]=>
    string(7) "WP_Hook"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(1) {
    [0]=>
    string(8) "WP_Error"
    }
    }
    [7]=>
    array(4) {
    ["file"]=>
    string(64) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/pluggable.php"
    ["line"]=>
    int(616)
    ["function"]=>
    string(13) "apply_filters"
    ["args"]=>
    array(4) {
    [0]=>
    string(12) "authenticate"
    [1]=>
    NULL
    [2]=>
    string(10) "marcoadmin"
    [3]=>
    string(6) "123456"
    }
    }
    [8]=>
    array(4) {
    ["file"]=>
    string(77) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/class-wp-xmlrpc-server.php"
    ["line"]=>
    int(295)
    ["function"]=>
    string(15) "wp_authenticate"
    ["args"]=>
    array(2) {
    [0]=>
    string(10) "marcoadmin"
    [1]=>
    string(6) "123456"
    }
    }
    [9]=>
    array(6) {
    ["file"]=>
    string(77) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/class-wp-xmlrpc-server.php"
    ["line"]=>
    int(4824)
    ["function"]=>
    string(5) "login"
    ["class"]=>
    string(16) "wp_xmlrpc_server"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(2) {
    [0]=>
    string(10) "marcoadmin"
    [1]=>
    string(6) "123456"
    }
    }
    [10]=>
    array(6) {
    ["file"]=>
    string(77) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/class-wp-xmlrpc-server.php"
    ["line"]=>
    int(707)
    ["function"]=>
    string(21) "blogger_getUsersBlogs"
    ["class"]=>
    string(16) "wp_xmlrpc_server"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(1) {
    [0]=>
    string(0) ""
    }
    }
    [11]=>
    array(6) {
    ["file"]=>
    string(75) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/IXR/class-IXR-server.php"
    ["line"]=>
    int(109)
    ["function"]=>
    string(16) "wp_getUsersBlogs"
    ["class"]=>
    string(16) "wp_xmlrpc_server"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(1) {
    [0]=>
    string(0) ""
    }
    }
    [12]=>
    array(6) {
    ["file"]=>
    string(75) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/IXR/class-IXR-server.php"
    ["line"]=>
    int(207)
    ["function"]=>
    string(4) "call"
    ["class"]=>
    string(10) "IXR_Server"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(2) {
    [0]=>
    string(16) "wp.getUsersBlogs"
    [1]=>
    array(2) {
    [0]=>
    string(10) "marcoadmin"
    [1]=>
    string(6) "123456"
    }
    }
    }
    [13]=>
    array(6) {
    ["file"]=>
    string(75) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/IXR/class-IXR-server.php"
    ["line"]=>
    int(109)
    ["function"]=>
    string(9) "multiCall"
    ["class"]=>
    string(10) "IXR_Server"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(1) {
    [0]=>
    string(0) ""
    }
    }
    [14]=>
    array(6) {
    ["file"]=>
    string(75) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/IXR/class-IXR-server.php"
    ["line"]=>
    int(59)
    ["function"]=>
    string(4) "call"
    ["class"]=>
    string(10) "IXR_Server"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(2) {
    [0]=>
    string(16) "system.multicall"
    [1]=>
    array(1) {
    [0]=>
    array(2) {
    ["methodName"]=>
    string(16) "wp.getUsersBlogs"
    ["params"]=>
    array(1) {
    [0]=>
    array(2) {
    [0]=>
    string(10) "marcoadmin"
    [1]=>
    string(6) "123456"
    }
    }
    }
    }
    }
    }
    [15]=>
    array(6) {
    ["file"]=>
    string(75) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/IXR/class-IXR-server.php"
    ["line"]=>
    int(27)
    ["function"]=>
    string(5) "serve"
    ["class"]=>
    string(10) "IXR_Server"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(1) {
    [0]=>
    string(490) "system.multicall methodNamewp.getUsersBlogsparamsmarcoadmin123456
    "
    }
    }
    [16]=>
    array(6) {
    ["file"]=>
    string(75) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/IXR/class-IXR-server.php"
    ["line"]=>
    int(35)
    ["function"]=>
    string(11) "__construct"
    ["class"]=>
    string(10) "IXR_Server"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(1) {
    [0]=>
    string(0) ""
    }
    }
    [17]=>
    array(6) {
    ["file"]=>
    string(77) "/web/htdocs/www.MYWEBSITE.com/home/wp-includes/class-wp-xmlrpc-server.php"
    ["line"]=>
    int(244)
    ["function"]=>
    string(10) "IXR_Server"
    ["class"]=>
    string(10) "IXR_Server"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(1) {
    [0]=>
    string(0) ""
    }
    }
    [18]=>
    array(6) {
    ["file"]=>
    string(49) "/web/htdocs/www.MYWEBSITE.com/home/xmlrpc.php"
    ["line"]=>
    int(87)
    ["function"]=>
    string(13) "serve_request"
    ["class"]=>
    string(16) "wp_xmlrpc_server"
    ["type"]=>
    string(2) "->"
    ["args"]=>
    array(1) {
    [0]=>
    string(0) ""
    }
    }
    }
    • This topic was modified 2 years, 10 months ago by pakalolo1974.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @pakalolo1974

    1. Please cross check that the theme does not have any logout link which might expose the login URL.
    2. The cookie-based brute force secret word should not be exposed, as it is extra functionality.
    3. An HTAuth password can be added as an extra, but I will try to cross check in more detail.
    4. Can you please make sure stop user enumeration is on? WP Security > Miscellaneous > User enumeration tab. It might be the reason your admin username was exposed.

    I will try to cross check in more detail and get back to you.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @pakalolo1974

    As per the stack trace, it seems the XML-RPC call wp_getUsersBlogs is trying to authenticate the user, which is identified by AIOS.

    In addition to stop user enumeration mentioned above, please try disabling XML-RPC.

    Go to WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC, Disable pingback functionality from XMLRPC. Please check both and Save.

    Regards
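    The reply above reads the trace bottom-up: the request enters at xmlrpc.php, IXR_Server unpacks a system.multicall, the wrapped wp.getUsersBlogs call hands the username and password to wp_authenticate, and only then does AIOS record the failed login. So the login form is never visited; the credentials travel through XML-RPC. The script below is an added example, not part of the forum thread or of the AIOS plugin. It shows how a site owner could confirm the same thing from the web server's access log by counting POST requests to xmlrpc.php per client IP. The log lines, IP addresses and threshold are constructed for the example.

```python
"""Spot brute-force login traffic that arrives through xmlrpc.php.

Reads access-log lines in the common "combined" format, keeps only POST
requests to xmlrpc.php, counts them per client IP and per time bucket, and
reports clients that exceed a threshold. The sample log, the IP addresses
and the threshold below are constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log; IPs are from documentation ranges. Note that the
# XML-RPC requests all return HTTP 200: a bad password comes back as an
# XML-RPC fault inside a 200 response, so the status code alone does not
# tell failed logins apart from successful ones.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2023:09:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 513 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2023:09:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 513 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2023:09:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 513 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2023:09:00:03 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2023:09:00:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 513 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2023:09:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 451 "-" "WordPress/6.1"
203.0.113.7 - - [10/Mar/2023:09:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 513 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2023:09:00:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 513 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2023:09:00:07 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict with ip, ts (datetime), method, path, status; None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def is_xmlrpc_post(rec):
    """True for a POST whose path (query string stripped) is xmlrpc.php."""
    path = rec["path"].split("?", 1)[0]
    return rec["method"] == "POST" and path.endswith("/xmlrpc.php")


def xmlrpc_posts_per_ip(log_text, window_seconds=60):
    """Count xmlrpc.php POSTs per (ip, time bucket)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_xmlrpc_post(rec):
            continue
        bucket = int(rec["ts"].timestamp()) // window_seconds
        counts[(rec["ip"], bucket)] += 1
    return counts


def flag_clients(log_text, threshold=5, window_seconds=60):
    """Return {ip: peak count} for clients that hit the threshold in any bucket.

    One request can carry many credential pairs inside system.multicall, as
    the thread's trace shows, so the count is a lower bound on attempts.
    """
    flagged = {}
    for (ip, bucket), n in xmlrpc_posts_per_ip(log_text, window_seconds).items():
        if n >= threshold:
            flagged[ip] = max(n, flagged.get(ip, 0))
    return flagged


if __name__ == "__main__":
    for ip, n in flag_clients(SAMPLE_LOG).items():
        print(f"{ip}: {n} xmlrpc.php POSTs in one minute")
```

    A single legitimate client (a mobile app or a Jetpack-style connection) also uses xmlrpc.php, which is why the threshold is per minute rather than a flat ban on any request; once XML-RPC is blocked in the firewall settings described above, every remaining POST to xmlrpc.php in the log is noise worth watching.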

    Thread Starter pakalolo1974

    (@pakalolo1974)

    Thank you very much hjogiupdraftplus for your precious help.
    I followed your advice, so I activated “user enumeration”, “completely block access to XMLRPC” and “Disable pingback functionality from XMLRPC” (all off by default).
    I just missed checking the logout links on the theme because I can’t find them: do you know where I can find them?
    Do you think that after these settings the system will block new code entry attempts, or are there some other checks that you recommend?
    Thanks so much for your prompt assistance, I appreciate it.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @pakalolo1974

    For the theme logout link, or sometimes the login link, to have the rename login page feature work you should cross check whether the theme has any login page. Generally it will be a page or a link in the header.

    Yes, disabling XML-RPC should disable such attempts.

    Also, in addition to it, enable captcha from WP Security > Brute force > Captcha settings.

    Also please keep checking; if the issue persists, let us know the stack trace, it will be helpful.

    Thread Starter pakalolo1974

    (@pakalolo1974)

    I followed all your advice and finally the attempts seem to have stopped now, but I’ll let you know if they start again.
    Thank you very much again, hjogiupdraftplus.
    Best,
    Paka

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    @pakalolo1974

    Ok, glad to know the invalid login attempts have stopped.

    Regards


The topic ‘Brute force login attack’ is closed to new replies.