Now, locked out users increased from 30 to 35. They are from Russia, georgia, kazakhstan, sydney, etc.
It sounds like wordfence security is doing its job. What is it exactly that you need help with?
now its total 107 attempts. when it will gonna stopped? what if he succeed?
Don’t be concerned. It’s an automated attack by bots to try and “brute force” a login to yur site.
The only concern that you should have is if you use ‘admin’ as a username, if you have a weak password, or you don’t keep the site updated. If you don’t do any of those, you will be fine.
Just as a note, I’ve got a site that was hit a litlte bit last night. I woke up to arounf 400 lock-out emails. And that’s nothing. The best that I’ve seen so far was one site that was hit just over 5,000 times in a 6 hour period, so a 200-300 attempts is really nothing to be concerned about at all.
As far as when it will stop, it will stop when the bots decide that they’ve had enough and move on to another target. Could be minutes or could be days.
Like @catacaustic said, as long as you don’t make your username or your password admin then you should be fine. Also make sure that you have some sort of brute force protection. I would suggest using iThemes Security to do so.
I also had one website that got 3000 lock out emails in one night. I set up brute force attack protection and with in one week it was no more.
On my blog, I have no reason that anyone would need to register so I just went into General Settings and unchecked “Anyone Can Register”. People can comment without needing to register but I use Anti-Spam and Akisment to handle those.
my site’s admin username is 8 digit unique and pass is 16 digit auto generated. I dont know much about brutal force. Am i in denger, I only use Limit Login Attempts as security plugin, the less plugin, the more safe I think.
