Title: Doesn't stop anything Last modified: August 31, 2016 --- # Doesn't stop anything * Resolved [netpagz](https://wordpress.org/support/users/netpagz/) * (@netpagz) * [10 years, 4 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/) * I installed the plugin, but it did nothing to stop brute-force attacks. I am still getting thousands of attacks per day. None of them are even logged in the firewall log or live log. Thought you might like to know. The firewall says it is running and does have things logged, but nothing about the brute force attacks that other plugins (Sucuri, etc) are notifying me about every minute. * [https://wordpress.org/plugins/ninjafirewall/](https://wordpress.org/plugins/ninjafirewall/) Viewing 11 replies - 1 through 11 (of 11 total) * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 4 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054515) * Hi * What is your configuration in the “NinjaFirewall > Login Protection” page? * Thread Starter [netpagz](https://wordpress.org/support/users/netpagz/) * (@netpagz) * [10 years, 4 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054516) * Always ON. Apply to xmlrpc.php as well. * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 4 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054524) * If you don’t see any connection from the Live Log page, there must be something wrong. * What happens if you log out of WordPress and then try to access the admin login again? Do you get NinjaFirewall login page? * Also, do you have some HTTP log samples from the attack (just a few lines)? * Thread Starter [netpagz](https://wordpress.org/support/users/netpagz/) * (@netpagz) * [10 years, 4 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054528) * I agree it doesn’t make any sense. There are lines logged to the live and firewall log, just nothing related to these attacks. I am still looking through the email headers and logs to find out more. Will post what I find. * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 4 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054538) * Set it to “Yes, if under attack” and use these values: -Protect the login page against POST request attacks (default). -Password-protect it: For 5 minutes, if more than 2 POST requests within 10 seconds. * Then wait a bit and check the firewall log again. * Thread Starter [netpagz](https://wordpress.org/support/users/netpagz/) * (@netpagz) * [10 years, 4 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054632) * I have set the settings as you suggested. The firewall log shows some hacker blocks. However, I have other security plugins (Sucuri, All-in-One, etc) installed that are alerting me to hack attempts from other IP addresses that don’t show up at all in the firewall log? How did those attacks get through the firewall? * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 4 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054644) * That means it is working. * If you enable ‘Always ON’, the firewall will **not** log attacks because it will block any access to the login page, including yourself. But if you check your HTTP log, you will see that everyone is blocked and that WordPress isn’t even loaded. * If set to ‘Yes, if under attack’, the firewall will write to its log when the attack starts (it will not log each failed login attempt), e.g.: ‘Brute-force attack detected on xxxxx – [enabling HTTP authentication for 5mn]’. It will silently block all attempts for the next 5mn. * You would need to post here the log/alerts you received from other plugins so that I could see exactly what it is. If the login protection is set to, for instance, ‘Password-protect it For 5 minutes, if more than 8 POST requests within 5 seconds’, the firewall will not block or log the first 7 attempts, but only the 8th one and all subsequent ones for the next 5 minutes. You may have a plugin that is sending alerts related to the first 7 attempts? * Thread Starter [netpagz](https://wordpress.org/support/users/netpagz/) * (@netpagz) * [10 years, 3 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054769) * I have All-in-one plugin set to block brute force attacks after 5 attempts. I have NinjaFirewall set to block after 4 attempts. So NinjaFirewall should stop all attacks before All-in-One sees them. A few minutes ago I received the following notification from AIO: * > A lockdown event has occurred due to too many failed login attempts or invalid > username: > Username: admin IP Address: 46.148.22.18 > IP Range: 46.148.22.* > Log into your site’s WordPress administration panel to see the duration of > the lockout or to unlock the user. * That IP address does not appear in the NinjaFirewall log at all. Also, there are no brute force preventions logged in the NinjaFirewall for that domain at all either. * Doesn’t seem like NinjaFirewall is blocking brute-force attacks. * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 3 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054770) * It is written “A lockdown event has occurred due to too many failed login attempts** or invalid username**“. If you don’t have a ‘admin’ user, then it blocked it for that reason. * To me, your copy NinjaFirewall is working as expected. * The main issue is that you have too many security plugins managing your login page. That’s too much confusing and, as you can see, that makes your life more complicated rather than making it easier! * Thread Starter [netpagz](https://wordpress.org/support/users/netpagz/) * (@netpagz) * [10 years, 3 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054778) * Does NinjaFirewall not protect against invalid usernames? I am trying to find a way to stop the brute force attackers from even being able to access my server. I have not yet found one plugin that will do it, so I am using 3. * Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/) * (@nintechnet) * [10 years, 3 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054779) * No, it does not because that requires to load WordPress and the database. If you faced a large attack, that would kill the server. If you turn the protection to “Always ON”, all accesses will be blocked and be prompted to enter the firewall login/password. That works better than any other protection, because WordPress is not loaded as long as the password is not correct. Viewing 11 replies - 1 through 11 (of 11 total) The topic ‘Doesn't stop anything’ is closed to new replies. * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137) * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/) * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq) * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/) * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/) * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/) * 11 replies * 2 participants * Last reply from: [nintechnet](https://wordpress.org/support/users/nintechnet/) * Last activity: [10 years, 3 months ago](https://wordpress.org/support/topic/doesnt-stop-anything/#post-7054779) * Status: resolved