Support » Plugin: Wordfence Security - Firewall & Malware Scan » brute force protection

  • Resolved Irene

    (@arlinaite)


    My settings are:

    • Lock out after how many login failures: 2
    • Lock out after how many forgot password attempts: 2
    • Count failures over what time period: 5 minutes
    • Amount of time a user is locked out: 2 months
    • Immediately lock out invalid usernames

    If this are my settings, how could be that I see for ex. 17 block counts for the same IP in one day. This is because they are trying to login 1 time each 5 minutes?
    If I change the 5 minutes for one day, I will receive less Brut Force attacks?
    It will help to reduce the attacks changing the user name?
    I am using Google two factor authentication too
    Thanks in advance

Viewing 1 replies (of 1 total)
  • Plugin Support wfdave

    (@wfdave)

    Hi @arlinaite,

    This setting Count failures over what time period: 5 minutes, is too low.

    That means a bot only needs to wait 5 minutes between login attempts to avoid getting locked out.

    Setting it to a day would definitely block more brute force attacks.

    Dave

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.