• Resolved Rodrigo

    (@vejapixel)


    Hello guys,

    I am constantly receiving notifications from WordPress by email about login attempts on my admin page. These attempts create a risk that at any moment the bot hits.

    But even if this possibility is very difficult, there is still another problem, which is that this robot is constantly making several attempts and this generates a high consumption of my server similar to a DDoS attack.

    So, from the plugin part of you, is there anything I can do to stop these attempts?

    Could a captcha such as Google’s solve this?

    Another thing is … these login attempts, I constantly receive one informing the IP of where this login attempt was made. But in the “Blocked IP Addresses” section (/admin.php?page=aiowpsec&tab=tab3), no IPs appear. Should not the plugin automatically detect these login attempts on my site, collect the IPs, and insert them into this section so they cannot retry?

    And there are some sections of the plugin that are informing me which feature can only be configured by the “super administrator” on the main site.

    Thanks.
    Rodrigo

    • This topic was modified 9 years, 4 months ago by Rodrigo.
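
As an added illustration of the automatic detection asked about in the opening post (not the plugin's code and not written by anyone in this thread): a threshold lockout counts failed logins per IP inside a time window and lists an IP only once it crosses the limit. The log lines, the limit of 3 attempts in 5 minutes and the function names are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access log (combined format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.50 - - [10/Mar/2017:09:50:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "x"
203.0.113.7 - - [10/Mar/2017:10:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2900 "-" "x"
203.0.113.7 - - [10/Mar/2017:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "x"
203.0.113.7 - - [10/Mar/2017:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "x"
203.0.113.7 - - [10/Mar/2017:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "x"
203.0.113.7 - - [10/Mar/2017:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "x"
198.51.100.23 - - [10/Mar/2017:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "x"
198.51.100.23 - - [10/Mar/2017:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "x"
192.0.2.50 - - [10/Mar/2017:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "x"
192.0.2.50 - - [10/Mar/2017:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "x"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def failed_logins(log_text):
    """Yield (ip, timestamp) for each POST to wp-login.php that looks failed."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        # Heuristic (assumption): a stock WordPress login answers success with a
        # 302 redirect and re-renders the form with 200 on failure.
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == "200":
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def lockout_candidates(log_text, max_attempts=3, window=timedelta(minutes=5)):
    """Return {ip: time of the attempt that crossed the threshold}."""
    recent = defaultdict(deque)   # per-IP failure times still inside the window
    flagged = {}
    for ip, ts in failed_logins(log_text):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_attempts and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, ts in lockout_candidates(SAMPLE_LOG).items():
        print(f"{ip} crossed the limit at {ts.isoformat()}")
```

In this sample only 203.0.113.7 is listed; the address that fails once and then logs in, and the one whose failures are spread over half an hour, never reach the limit.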
Viewing 4 replies - 16 through 19 (of 19 total)
  • Thread Starter Rodrigo

    (@vejapixel)

    Hello mbrsolution,

    As for the login page link in the page of my site, what I question is the following …

    The plugin asks you to change the name of the login page so that the hacker does not know the address of the login page and thus cannot make the various attempts to access.

    But, let’s say my site has a login link in the header (link to the login page) for users to sign in to my site. So if the hacker does not know the new address of the login page, just go to the header of my site, take the link and make your various attempts to access.

    I hope I have been clear. If you have not decided, please let me know.

    I thank you.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Yes that is what I thought you meant but I just wanted to be certain.

    If your site is a membership site have you considered adding a membership plugin? If you add a membership plugin you will be able to implement the Brute Force Rename Login Page feature.

    Thread Starter Rodrigo

    (@vejapixel)

    Hello

    If I rename the login page and then insert the (public) login link at the top of my site for users to sign in and log in. So what will solve in this case if the hacker can collect the login link on my site (the link is public).

    In the case of WordPress.org, your login page is https://login.wordpress.org/. This is public. To prevent several hacker login attempts, it will change the login address from https://login.wordpress.org/ to https://login2.wordpress.org/. Hence they place this link on the site for users to log in. So, what did this solve, if the hacker can re-collect the login link https://login2.wordpress.org/?

    Even more, the WordPress.org login can be accessed by https://wordpress.org/login, where it is redirected to https://login.wordpress.org/. Which makes it easier to find.

    Anyway … if I make it difficult for the hacker to find the login page, I will also be making it difficult for ordinary users to find the login page.

    That’s what I do not understand.

    Plugin Contributor mbrsolution

    (@mbrsolution)

    Hi, the plugin developers will investigate your issue further.

    Thank you.


The topic ‘Constant login attempts’ is closed to new replies.