Support » Plugin: All In One WP Security & Firewall » Constant login attempts

  • Hello guys,

    I am constantly receiving notification of WordPress by email, about login attempts on my admin page. These attempts create a risk that at any moment the bot hits.

    But even if this possibility is very difficult, there is still another problem that is that this robot is constantly making several attempts and this generates a high consumption of my server similar to a DDOS attack.

    So, from the plugin part of you, is there anything I can do to stop these attempts?

    A captcha such as Google’s could solve this?

    Another thing is … these login attempts, I constantly receive one informing the IP of where this login attempt was made. But in the “Blocked IP Addresses” section (/admin.php?page=aiowpsec&tab=tab3), no IPs appear. Should not the plugin automatically detect these login attempts on my site, collect the IPs, and insert into this section so they cannot retry?

    And there are some sections of the plugin that are informing me which feature can only be configured by the “super administrator” on the main site.

    Thanks.
    Rodrigo

    • This topic was modified 3 years, 1 month ago by Rodrigo.
Viewing 15 replies - 1 through 15 (of 19 total)
  • Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi Rodrigo, do you also have one of the Brute Force features in the plugin enabled?

    Hello,
    If you talk about the renewal of the login page, then YES, I have activated this feature and my login page is customized.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    What about the following. Do you have any of the following features enabled under Firewall -> Additional Firewall rules?

    1. Deny Bad Query Strings
    2. Enable Advanced Character String Filter

    On My Dashboard (/admin.php?page=aiowpsec), In the “Critical Feature Status” block, shows that the “Basic Firewall” is ON.
    But I did not find the Firewall -> Additional Firewall rules.

    The plugin shows me only these Menus:

    Panel
    Settings
    User Accounts
    User login
    User Registration
    DB Security
    WHOIS Search
    Brute force
    SPAM prevention
    Home
    Miscellaneous

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Sorry I forgot you are running a Multisite installation. Did you enable the feature I mentioned above in the network admin site?

    Yes, but it was activated on the sites separately and not in the network administration, because the plugin settings only appear to me when I am in the panel of each site. The network panel does not show me the plugin’s settings.

    Do you think it could be lacking a Captcha?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Yes try adding captcha and see how that works for you.

    Please check the following documentation, which explains the different menus you see for an admin network site and a single site.

    Hello,

    I’ve enabled Google Captcha for the login page (http://idiomas.proddigital.com/digital-admin), but I’m getting too many login attempts anyway.

    Just today I had more than 20 login attempts so far (at 11:37 am) for my site idiomas.proddigital.com.

    When there is a login attempt that did not work, I receive an email such as:

    IP Address: 195.154.241.166
    IP Range: 195.154.241.*

    Could I put these IPs on the blackhat list? Will this help or is it unnecessary since the bots are always changing IPs? If yes, then where do I place the IP, and which IPs (IP Address or IP Range) should I put?

    Is there anything else you could tell me to do to stop these login attempts?

    Something else … the article you submitted shows the Multisite Network Plugin menu and the Single Site Network. But for me it only shows the menu in the unique sites, because in the Network does not show. Why?

    I thank you.
    Rodrigo

    • This reply was modified 3 years, 1 month ago by Rodrigo.

    I’d start with changing the admin URL and then NOT publishing it online somewhere. You’ll still get the 404s of people trying the regular wp-login but you can ignore those. Personally I wouldn’t worry too much about the blocked ones (they merely prove the protection works) but I’d change the admin URL to something else that nobody knows and see what happens. If you get a lot of hits on your “old” admin URL it means someone has leaked it.

    I’d also see just how well protected your files are – I’m no .htaccess expert but blocking file and directory reads strikes me as a minimum precaution – maybe you have a conflict there. If someone can read your AIOWPS settings, changing the admin URL is going to be mildly pointless.

    Apologies if you already know this – it’s more what I would do as a moderately competent amateur :).

    Hello PilhasInc,

    Thanks for your help. The problem with changing the login page URL is that all registered users on the site will not know the new login address. From there I will have to give the address to each of them.

    Now … let’s say my site has a login link in the header. So how important would it be to change the login URL, the hacker being able to get the new login URL just by looking at the login link in the header of my site.

    I thank you.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    (@vejapixel), in regards to your question.

    When there is a login attempt that did not work, I receive an email such as:

    IP Address: 195.154.241.166
    IP Range: 195.154.241.*

    Could I put these IPs on the blackhat list? Will this help or is it unnecessary since the bots are always changing IPs? If yes, then where do I place the IP, and which IPs (IP Address or IP Range) should I put?

    Put the IP address range in the following area, WP Security -> Blacklist Manager. This should help you as well.
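
The question of whether to block the single address or the whole range can be checked against the server's own access log. The following is an added example, not part of the thread or of the plugin's code: it counts login POSTs per address and per network over constructed sample lines. The "combined" log format, the `/wp-login.php` path and the function names are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines ("combined" log format, documentation-only IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2018:11:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2018:11:01:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
192.0.2.77 - - [12/Mar/2018:11:02:41 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
198.51.100.5 - - [12/Mar/2018:11:03:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Mar/2018:11:04:50 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
203.0.113.200 - - [12/Mar/2018:11:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2750 "-" "Mozilla/5.0"
198.51.100.5 - - [12/Mar/2018:11:05:30 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
truncated or malformed line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')

def login_posts(log_text, login_path="/wp-login.php"):
    """Yield the client address of every POST to the login path."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, url = m.groups()
        if method != "POST" or url.split("?", 1)[0] != login_path:
            continue
        try:
            yield ip_address(client)
        except ValueError:
            continue  # first field was a hostname, not an address

def summarize(log_text, login_path="/wp-login.php"):
    """Count login POSTs per address and per network (/24 for IPv4, /64 for IPv6)."""
    by_ip, by_net = Counter(), Counter()
    for ip in login_posts(log_text, login_path):
        prefix = 24 if ip.version == 4 else 64
        by_ip[str(ip)] += 1
        by_net[str(ip_network(f"{ip}/{prefix}", strict=False))] += 1
    return by_ip, by_net

def coverage(counts, top_n=1):
    """Share of all login POSTs that blocking the top_n busiest entries would stop."""
    total = sum(counts.values())
    return sum(c for _, c in counts.most_common(top_n)) / total if total else 0.0

if __name__ == "__main__":
    by_ip, by_net = summarize(SAMPLE_LOG)
    print("busiest address covers", coverage(by_ip), "busiest /24 covers", coverage(by_net))
```

A low coverage figure for the busiest range means the attempts are spread across many networks, so a single blacklist entry stops only a small share of them.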

    Hello,

    I have not found the WP Security -> Blacklist Manager section. Only the menus appear for me:

    Panel
    Settings
    User accounts
    User login
    User Registration
    DB Security
    Whois Search
    Brute Force
    SPAM prevention
    Start
    Miscellaneous

    I’m trying to locate this section (WP Security -> Blacklist Manager) on my individual site (subdomain), because no Superpad menu appears in the Superadmin panel.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Sorry I forgot that you are running a Multisite set up. WP Security -> Blacklist Manager, does not run in an individual site. It only runs in the main admin site as per the URL I shared above.

    Hello mbrsolution, in my network administration there is no AIOWPS plugin menu. Only appears on individual sites. So I can not find WP Security -> Blacklist Manager anywhere.

    The URL you sent me does not explain where to locate the WP Security -> Blacklist Manager.

    And another question that I had made above … if a site has a login page link, for example, in the Header, then what is the need to change the login URL, where the hacker can access the site and collect the new login URL in Header?

    Plugin Contributor mbrsolution

    (@mbrsolution)

    That is correct, on individual sites the Blacklist Manager feature will not show.

    In regards to the following comment. Can you provide more information?

    if a site has a login page link, for example, in the Header, then what is the need to change the login URL, where the hacker can access the site and collect the new login URL in Header?

    Thank you

  • The topic ‘Constant login attempts’ is closed to new replies.