Support » Plugin: All In One WP Security & Firewall » Brute Force techniques

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi cwarrent, do you have a Shared account, Pro account, VPS or Dedicated Server? How much memory is allocated to WordPress? I use this plugin on 4 different servers and I never experienced this issue before. Have you checked your server log files?

    Hello. Thanks for replying!

    Apologies I should of made it clear that the plugin works great and I love it!

    I’m on a Dedicated server that I manage and while it’s not a massive problem, the resources taken by those attempting to login would be best removed.

    I like to have my server running as well as possible so would like to eradicate those trying to continually login.

    Working out what the best options would be with the plugin and my issues as documented above.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, have you tried enabling the Enable Rename Login Page Feature under Brute Force settings?

    I’ve tried it before but this wasn’t as effective at cutting out logins as the incorrect login usernames.

    I recall some bulk login hackers would keep hitting the 404 page rather than be instantly banned.

    I’ll give it a try for this account and try monitor the activity. It may be that the hackers hitting the 404 page is more effective and less a resource drain than being able to repeatedly attempt logins.

    Thanks again mbrsolution!

    Plugin Contributor mbrsolution

    (@mbrsolution)

    What firewall rules have you enabled?

    All apart from the latter few…

    – Hotlinks
    – 404 Detection

    My experience of using the 404 detection was that it’d generate massive logs and I couldn’t keep on top of trying to lockout all the many IP’s per day if makes sense.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Do you have any other security plugin installed? You could also whitelist your IP address as long as it is a static IP address, however if you do whitelist the IP address remember that only that IP address will be able to log into your website.

    No other security plugins.

    The problem with the IP address is my client is on a connection where the IP changes very often.

    I’ll recommend changing the WPADMIN URL with my client and see how this effects things.

    PS. It’d be great if the plugin had a PayPal donate page as I’d like to say thanks for creating such a great plugin.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    I am marking this thread as resolved.

    Thank you

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Brute Force techniques’ is closed to new replies.