such attacks cant be stopped; however, you can block logins after a single failed attempt.
Under WF options, set the limit to 1 for failed logins and increase the number of days to 60 -90
I use CloudFlare with the following page rules …
*mysite.com/wp-login*
Browser Integrity Check: On, Security Level: I’m Under Attack, Cache Level: Bypass
*mysite.com/wp-admin*
Browser Integrity Check: On, Security Level: I’m Under Attack, Cache Level: Bypass
Thank you. I’ve done it.
Also do you know what these are:
“Directory Traversal – wp-config.php in query string”
And also this: “/xmlrpc.php” ?
Can I delete those files? Or move them?
They try to use them to have access into WordPress I believe.
Do NOT delete or move any files from standard WP install! Especially NOT wp-config.php which should have 444 as file permissions and there are ways to deal with hacking attempts using xmlrpc.php Just google for it.
Thank you Sinip.
Since then, I had a look into the website thru’ the FTP server.
There are some weird file name that I don’t remember to upload them myself such as “_php.jpg” Very odd, all created the same day…
Concerning the: “/xmlrpc.php” on google, I found various articles – some people say it’s safe to remove it – if you don’t want to post anything remotely – some other say to rename it.
Could rename it would be a good option? What have you done for yours?
Thank you
Regarding _php.jpg well yes it is odd a bit. Check to see if it is really an image and if yes what does it show. Otherwise it is probably safe to delete it.
I didn’t touch my xmlrpc, no problems encountered so far, and as far as I know if you plan to use Jetpack you’ll need it or some things will not work.
