Hi @aibol90,
WP security > Dashbaord > Audit logs have Failed login records you can corss check stack trace to see what is cuasing that filed login. It might be XML RPC call of getUsersBlogs which may creating the Falied login records usign xmlrpc
WP Security > User security > Login lockout tab – Enable login lockout tab with option lockout invalid usernames.
if stop user enumeration not on It might be the reason your admin username exposed – WP Security > Miscellaneous > User enumeration tab check there.
XML RPC call of wp_getUsersBlogs is trying to authenticate the user. – WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC , Disable pingback functionality from XMLRPC Please check both and Save.”
Thanks for the answer! I have blocking enabled for non-existent usernames. I’ll try to enable the Completely block access to XMLRPC option
Hi @aibol90,
Ok, keep me posted if that has solved the issue.
Regards
Hi! This seems to have solved the problem. There have been no failed login attempts since yesterday. Thanks a lot!
Hi @aibol90
Glad to know the issue seems solved.
Would you mind writing a quick five-star review on wordpress.org?
https://wordpress.org/support/plugin/all-in-one-wp-security-and-firewall/reviews/#new-post
Reviews also help others to make confident decisions about our plugin.
Regards
I just experienced the exact same problem after doing plugin updates. There were random, multiple attempts to log in using the Display Name, which your plugin successfully blocked. Changing the login address did not stop the attempts. There are calls to getUsersBlogs in the stack trace. I just checked Completely block access to XMLRPC and Disable pingback functionality from XMLRPC, as you recommend. I’ll let you know if the problem is resolved in a few days. Do you know what is causing the XMLRPC calls? Is it WordPress, another plugin, or something external? The IPs for the invalid logins are coming from all over Europe, so they appear to be external calls.
Hi @wpdogger
XMLRPC calls are of WordPress, So it need to be disabled for invalid login attempts by getUserBlogs.
Ok keep me posted
Regards