Hi, they might be trying to get in from other areas in your site. Do you have one of the following features enabled.
Completely Block Access To XMLRPC:
Disable Pingback Functionality From XMLRPC:
Are you using one of the Brute Force features like Rename Login Page?
Hi,
Thanks for the reply. Yes, I have Completely blocked access to XMLRPC enabled and I have renamed the login page.. still I get failed login attempts every day..
I also tried to remove the IP from the blacklist, en added it again. It’s just NOT working..
Hi, can you carry out a test. What happens when you type the following in the browser?
yoursite.com/xmlrpc.php
I get the following output:
XML-RPC server accepts POST requests only.
I think the actual output result should be below;
Error 403 – Forbidden
You don’t have permission to access the requested resource. Please contact the web site owner for further assistance.
Ok, than it means that AIO WP Security is not working…
@jvalks, what it means is that the following option Completely Block Access To XMLRPC: is not working how it should work.
Can you disable the above mention option and click on save settings, then enable the option again and save the settings and type the following in the browser again.
yoursite.com/xmlrpc.php
Report back with the outcome.
Thank you
Ok, tried it… the result is the same..
Hi, are you running the latest version of this plugin? If you are, can you try the following addon to reset the plugin and enable the feature again. Carry out the same test and report back.
Thank you
Hi,
Tried the steps above… no luck! The results are the same.. I also tried it on a different (test) site..
I continue with Word Fence, since I installed it the attacked are successfully blocked after a few hours.
Good luck with fixing this.
Okay no problem, I understand.
If you don’t need any more help with this issue can you mark this support thread as resolved.
Thank you
I came from wordfence, bcos it gave me alot of problem, in fact the scanning function can be freeze and no way to solve it, last but not least visitor can hijack your login ip without anyway to remove or block it, good luck to you jvalks…
Thanks for this contribution.
Hi,
I don’t know if it’s the same problem, but i have an ip who connect like admin when i’m connected and i first think it’s an attack.
But the ip it’s from my host, OVH, i think the plugin just see a robot or i don’t know what, perhaps for save, from my host and it’s for that AIO don’t keep ip in “last connected ip” and can’t block it.
It’s not the same problem. This morning I got another mail from a different site that a login attempt was been made with the (renamed) admin account. This site is also running AIO WP Security and Firewall. I find it strange that the renamed admin account is used to try to login.
What those two sites have in common is that the fact they are being monitored and managed using ManageWP. Maybe that’s the weak point??
