For the most part, Limit Login Attempts Reloaded has been working great. However on one site, I’ve been getting a lot of IPs trying to login as user “#profilepage”. That’s not a real user so they’ll never actually get logged in, so that’s not an issue. I’ve entered that as well as just “profilepage” into the block list, but it continues to appear in the lockout log. It’s as if the “#” is somehow allowing these attempts to bypass the plugin’s block list. If that’s the case, this could become the source of a DoS attack.
Does anyone have any ideas of what I may need to adjust to actually block login attempts from this odd username?
- The topic ‘How to block login attempts by user “#profilepage”’ is closed to new replies.