Hello,
Errors have started to be logged again.
Login Failed and then the IP is locked out, and this is with a different wp-admin page specified.
John
Hello,
Not sure if this is relevant, but here is what the access log indicated about the failed attempt to login to my site.
86.99.68.40 – – [12/Oct/2016:14:21:04 +0100] “GET /wp-login.php HTTP/1.1” 404 1638 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1”
86.99.68.40 – – [12/Oct/2016:14:21:05 +0100] “POST /wp-login.php HTTP/1.1” 404 1638 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1”
86.99.68.40 – – [12/Oct/2016:14:21:06 +0100] “GET /wp-login.php HTTP/1.1” 404 1638 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1”
86.99.68.40 – – [12/Oct/2016:14:21:06 +0100] “POST /wp-login.php HTTP/1.1” 404 1638 “-” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1”
Your plugin reported this IP making an attempt to login using an nonexistent user
John
Hi, can you report this finding to your host? I read the original posting via the email I received.
Regards
-
This reply was modified 7 years, 6 months ago by mbrsolution.
OK, I had another response form you that asked are my browsers up to date?? yes they are i use Chrome, Firefox and Safari and they are all up to date.
My issue is i do not understand this issue well enough to engage the Host in a useful dialogue, when i engage with them what am i reporting exactly…????
Please try to help me on this.
thanks
John
Just get your host to check your log files. Let me know that you are receiving too many login attempts to your site. You could also use the following site check to see if you have some other issues on your site.
I have checked the site using the link you provided, thank You for that, it comes up clean except with a warning that there was no Firewall detected, which seems a little odd as i have it fully configured using the All in one Security plugin.
Also, i think i am missing the point here, why should the Hosting company do anything about the number of login attempts? after all i am using your plug in to help me protect against this … i have used the Option to rename the Admin page yet they still appear to be getting around that option, and finding a way to attempt a log in.
Maybe i have misunderstood the purpose of the plug in in this respect….
Okay lets try something for testing purposes. If you have the User Login -> Login Lockdown feature enable, can you disable this. Let me know if you still receive more fail login records.
If i do this are you prepared for the results?
John
Hi John what do you mean by your question?
Hi,
I don’t think they are getting to your login page at all – I suspect they are targetting your xml-rpc interface.
Please try the following test:
Using a browser go directly the WordPress xmlrpc.php file.
Eg:
yoursite.com/xmlrpc.php
When you do the above, what do you see?
Ref my question, I just want to know what you were expecting, more or less ?
but i do appreciate the continued support.
This is my first real WP site and i am not used to this “illegal” activity linked to my web site, maybe this is the norm, when a new site is located they try to break into it if they fail they move on…
So maybe i am not going to get the same level of that type of activity any more.
John
Hello,
The results i had from the yoursite.com/xmlrpc.php
Were:-
XML-RPC server accepts POST requests only.