Support » Plugin: NinjaFirewall (WP Edition) » Continuous POST /wp-login.php how to stop?

  • Resolved kpawson


    I’ve been getting continuous POST wp-login.php attempts for the past 4 days now on two WP sites that I have. Running IDS SNORT on the backend and get the alerts so that’s how I can see login attempts of username admin and various passwords.

    Don’t have any usernames of admin, however I really want to stop these posts and have tried several methods. The best so far has been using Ninja Firewall, so thanks for creating this excellent plugin!

    I’ve set the lockout to 99min, but they keep coming back, is there anything else that I can try or do?


Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet



    You can leave it that way, or set the login protection to “Always ON”.

    It seems you are facing one of those dumb bots that will keep trying all passwords for days before they give up. There is nothing else to do, NinjaFirewall protects the page against the brute-force attack and it should not use a lot of server resources.

    Thanks for that, I’ve now turned it on to “Always ON”. However I still see two more alerts show up after about an hour from changing it to Always On.

    Will look into the post string further, but I really don’t see how their post can get past the login protection banner prompt… if I do it manually and click cancel then perhaps they can try add post again?

    Many thanks

    Plugin Author nintechnet


    When they call the page, they will get a ‘401 Unauthorized’ error code.

    In your HTTP logs, you should see their request + the HTTP error code.

    Yep I see the 401 so that’s all good. Have finally stopped it with using CloudFlares page rules, nothing from Snort in over 4 hours now.

    Thanks again for your help and response and one thing good that came from this is that I found your excellent Firewall! Keep up the great work.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Continuous POST /wp-login.php how to stop?’ is closed to new replies.