Support » Plugin: Wordfence Security - Firewall, Malware Scan, and Login Security » How are they finding the login page?

  • Resolved jtdataworks

    (@jtdataworks)


    This is not a support issue per se. But I really need help blocking a brute force issue. I have an attempt being made continuously on a site. It is using resources and needs to be stopped.

    If I block the user they are trying, they just try a new user.

    The IP and country changes every time, so blocking the IP or country doesn’t work.

    I tried hiding the login page. That didn’t work. Why, I have no idea.

    I blocked the whole WP admin folder with an htaccess that allows only my IP. And yet Wordfence alerts say the attempts continue unabated.

    How is that even possible? How can someone make a login attempt if they cannot reach the login page? Help. 🙂

    Judy

    https://wordpress.org/plugins/wordfence/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author WFMattR

    (@wfmattr)

    Judy,

    They are most likely attempting logins through xmlrpc.php — the same way that the WordPress app connects to a WordPress site.

    If you don’t use the WordPress app, desktop blogging software, or other features that use XML-RPC (like trackbacks and pingbacks), you can disable it with a plugin such as “Disable XML-RPC” — that may make each request use a little less of your resources, but it will still use some.

    Aside from that, your host may be able to help you block requests coming to xmlrpc.php before they reach the site. If you know how to use .htaccess well enough, you could block xmlrpc.php in there as well, just be very careful, and save your existing .htaccess file in case you have problems with adding the new code.

    -Matt R

    Thread Starter jtdataworks

    (@jtdataworks)

    Many thanks! The plugin resolved the issue – 24 hours without login attempts.

    Love Wordfence by the way, thanks for a great plugin!

    Judy

    Plugin Author WFMattR

    (@wfmattr)

    Great, and thanks for the feedback, too!

    -Matt R

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘How are they finding the login page?’ is closed to new replies.